it was in a number of products. now, there was concern when black people started to use cocaine for example "the new york times" ran an article in 1914 about black folks being the new southern mannes but black cocaine was the new southern . and the way that cocaine most talked-about or black people being under the influence was talked about was that it caused them to be more murderous. it caused them to rape white women and be unaffected by bullets. all this nonsense was going on then and it's going on now although the language has been tempered but they are such easy scapegoats because much of the population don't use drugs. you can't say these things about alcohol even though alcohol this pharmacologically active and

just like any other drug but you can't say these crazy things about alcohol because many people drink alcohol and they know the effect. fewer people use cocaine so you can tell these incredible stories about cocaine. ..

i must admit there's a part of me that feels great respect for any that resisted the temptation to become the department of peace and stability studies. [laughter] in his fourth book, his fourth, isn't it? it will not take place, which incidentally you'll be able too buy here after wards. which is a fascinateding assault of a whole series of say -- sacred debate. it -- and present it in apop -- apocalyptic terms. we'll try to keep this lean and pointed.

let me start with one of my most basic questions. why did you feel the book needs to be written? why did you feel the need to take on the cyber industry? >> when i was hired in the department of war studies, two years ago my head of department introduced me as -- [inaudible] and conflict war. my head of department introduced me as mr. thomas rid, our cyber war expert. and i cringed when he did this, because remember the colleagues literally next door in the office in the next office would be working on, say, the really serious military questions like the seven day war. there's never anybody kill order injured an a cyberattack. when you talk about cyber war as so many people are doing. we are talking about it in the war on drugs or gun --

gun which is is serious. i'm not try to talk it down at all. we're talking about the real thing. military operations, executed without a computer code that has real strategic effects on tactical effects. the book is trying to offer a framework to distinguished between it and the real thing. >> okay. but then one of the obvious responses to that is when you say cyber war take place, -- [inaudible] by defining war in a particular way. in a particular way put out a century before there were computers and warfare. now it's just simply, okay, even if so far no one has been killed. political damage, isn't this what war is about? killing people is a way in which you assert your will. >> yes, indeed.

absolutely. to keep in mind whenever we use weapons and whenever we speak about the use of force, the use of force in a international or domestic arena. indian you interested in organized crime. and law enforcement as well. you have -- [inaudible] there's an aspect to it. the violent aspect from the objective, then we're going to be doing something else. i think we need to recognize that very basic fact. if we then think about the special case of using computer attack, networking, cyber oven -- offenses an interesting difference comes to mind. almost all weapons that we know, instruments that are used to ply for -- the weapon carry their own

energy. t simple observation. think a missile, even a bullet, even a knife. but codes, computer codes if weaponized has to isk to basically be a parasite on the target system. as you are sitting here, or i'm sitting here, we are invulnerable to a cyberattack unless we possibly have a pacemaker with an ip address, which doesn't exist at this point. if so you a pacemaker, don't be concerned. sometimes people are concerned after these talks. it's important to say that. don't be concerned. so in other words, weaponized code has to turn the target against itself, crash -- explode a power plant, or as it happened in iran.

that's something quite special and consequences about it. >> which does make it sound like the parallel is precisely biological warfare. what happens is precisely the germ or whatever will make your body go bad thing to you rather than impact you directly. >> indeed. >> why -- i was mindful. leon panetta saying -- an electronic pearl harbor. we go back to your title is rebuttal of sort of the founding documents of this that said cyber war is going to happen. why is there such a big industry? >> yes. for a number of different reason. first, i think it's important acknowledge that when leon panetta when he was secretary of defense or head of the cia, when he spoke about pearl harbor, he

did this for political reasons more than anything else. usually when you he said he wanted to create an impression to congress to pass cybersecurity, the russian -- [inaudible] if senators and congressman are really and representatives are really disasterred -- scared then they would legislate accordingfully. -- accordingly. it didn't play out this way. and it points to the core problem. age lot of people have understood that the threat may serve their interest political interest in the international interest. if you have people scared, sometimes you goat sell them a product. of course, those people who really believe if and want to discount -- [inaudible] >> i'm taking an opposite view. i think the result of speaking -- talking about cyber war and it

and the whole statements is that we lose new ones. we lose the ability to distinguish between different problems. the problem space here is very diverse and my core assumption is that diverse problem has a diverse solutions and not one wholesale agency that could solve it or a policy that could stofl all. >> now, obviously your book is not just simply saying everything is fine and we don't need to worry. essentially, as you said, it's trying to shift the argument in to new areas. particularly you identified the three areas where you see that there was a genuine threat of subversion, sabotage, and expee knowledge. if we concentrate on sabotage ands espionage, let's start with espionage. because clearly it's -- [inaudible]

tv and family is that, you know, every system gets broken in to by the headachers. then we actually have cases where it's wikileaks issue or whether currently snowden, which came after your book was written. in actually massive amounts of information gets disseminated or passed to, quote, unquote, the wrong hands. we can have it displaced. a debate as to whether or not the wrong hands, which another time and another place. i'm sorry, unauthorized hands. the question i asked us to start off is, how much does that really matter? , i mean, if one of the key things that cyberattacks can do is precisely create an ground for espionage. in the modern world, does really matter in the age of google and, you know,? >> the espionage -- cyber espionage if you want to

use that preface. does really matter? yes, i think it does. in a way, i think the snowden revelation offering the most detail -- more detailed illustration than many people would have imagined. now, i think it's important to quickly signal where we stand on this matter. because what i'm observing right now in the public debate is a shouting match who those think snow, is a traitor and nothing positive came out. obviously it's a statement. and those who think that snowden was a hero and we don't need any secrecy in the first place. obviously it's equally really laughable of a statement. >>let try to talk about the more nuances. let me just give you one example and really provoke off the audience with a contra --

contradiction. today many intelligence agencies worldwide and other potential targets of intelligence operations, espionage, if you like, it's not commercial off the shelve technology for the security. for their communications as well as communication security. i'm sure it's most people in the audience as well use g-mail and microsoft products, et. that -- et. cetera. that means that the legitimate target of an intelligence operation and espionage operation, some militant group in pakistan will be using exactly the same technology that you are using with you check your g-mail account. the information is coming through the exact same fiberoptic cable. we want the nsa to be able to listen to one conversation, we

don't want the nsa to listen to another conversation. obviously in this fiberoptic cable, we have a contradiction. so we need a discussion on how to deal with the contra dib, and that's a tough decision to have. -- discussion to have. that's with respect to the -- going after the big bad demonstrate actor. we can turn that around. again, we have regular accounts of chinese intelligence activities through cyberspace, they launched the united states and other countries. whether or not it comes from a specific designated military unit or whether a spate yachtic hack -- patriotic hacker. it brings me to two questions, one is actually in the era of cyber war, define however you want to define it.

is the state losing the monopoly over the force. when it comes down it, can we point to things where cyber espionage really made difference? >> so let's look at the problem from the point of view of -- shall we say, those trying to steal nationally relevant information from companies? and most of the companies in the united states and europe. for the simple reason that there are still more companies in north america and europe that have international -- other companies would like to have. it's stealing -- not exactly one-way street. there's an asymmetry of ip, if you might. now even in the game of espionage and international espionage, especially we have a

serious threat and -- [inaudible] relates to the question you are asking. is the state -- is the state not competing with a number of other actors, criminal, militant, individuals, et. cetera. the answer is certainly, yes, and i'll give you one example. oftentimes when we speak about china and chinese entities, infiltrating targets in the united and exfiltrating information. there are a couple of things that come to mind here. first, they cannot lose it entirely. they adopt have to send somebody in to do that. that's an interesting historic issue. also, i think it's a fair assumption in china we have both scenarios at the same time hire -- [inaudible] engaged in operation

intelligence. and companies where individuals take a initiative, essentially a market for stolen ip, intellectual property. we have at the same time entrepreneurial and -- [inaudible] this is a very confusing situation, because, for instance, a lot of discussion in washington, d.c., right now about hacking back. not sitting back and being, you know, robbed of valuable property, intent yule property. but try fog go after the attackers. now it makes a difference who you are going after. whether you're going after a small individual or after an organized state entity. it's difficult to go in to more detail in the debate because so much is -- is not in the public domain, and

i should add, at this point, in the book contrary to the title "cyber war will not take place" i'm not talking about the future. i'm not trying to speculate too much about thing we just don't know. what i'm trying to do is go back to the historical record, to the -- imper call evidence and the technical environment we're looking at and look at the possibility and limitations. >> you mentioned that the historical context. one of the things i was thinking given we live in a world in which actually it's not always the state that has the power. it's not always that the brightest people work for the state. it's not that you need state resource. you can be the smart or lucky 16-year-old in your bedroom on the computer and achieve something extraordinary. i mean, i wonder if in some ways the parallel historically when

they become private pieters. [inaudible] and at at certain points states found it useful to say as long as you raid the other guy's inshipping, we'll give treat and like wise, i think we see that now, we see in china and certainly in russia. where a lot of the act we might think of is cyber espionage, or indeed, move in to sabotage are actually not being handled by state assets. but nor is the state turning out of the equation. it's just sub contracting and encouraging a new sort of stlt. >> yeah. certainly that's happening in a major way in this arena that we're discussing here today. so lelt ask the --

let's ask the question what other limitations? what can it not achieve? one is, if you are designing a high -- high impact cyberattack breach, you are likely to need two ingredients, -- i'm simplifying. you need two ingredients, skills and intelligence. so, for instance -- i'll give you an example. that only needs a little bit of skill and practically no intelligence. often many people will have heard of denial denial-of-service attack bringing down a website. requesting information from it. that is the only need the website address. but if you are on the other end of the spectrum, if you're trying to affect a highly

specifically designed control system, say a power plant or water plant, you need to know what you're looking at. it's not just a web address, it's also more than just a software that is used thousand of times. it may be a specifically unique configured software. if you want to have an effect on it, you have to know, you know, specific frequency of specific models that are turning as to information about the technical details. possibly currency, currency comes out. it get very technical very fast. intelligence about the target is very hard to come by. you need intelligence agencies for that. not always, but in the most critical cases and the most high-profile cases i would think you need some of that. now, it's an interesting debate how it may be changing. it is, perhaps, changing very

slowly, and there are new trends there. but nothing that is fundamentally shifting the ground. >> okay. to have those real major real-world impacts, it's not just enough to be a script -- [inaudible] who has some sort of off the shelf program. t not enough to be -- [inaudible] you need to have a variety of skills that are not readily available. let's move more to the realm of sabotage. what is, then, you think the real threat, the real challenge that we face in the future? >> i think it's important to give numbers in perspective here. and if we come a number of syria's computer sabotage attempts we have seen. let's define sabotage quickly. trying to steal the information and affect the whatever of the target system. usually by degrading -- [inaudible] in this sense we come to the denial of --

[inaudible] really bringing an online banking website for ab extended period of time. we could count it as sabotage. commonly what people understand under sabotage would be bringing down blackout in the city or the region. so an interesting fact, in the united we have never seen a single successful sabotage attack against critical infrastructure. [inaudible] >> this does not mean it couldn't happen. because some agencies are in a position to -- probably in a position to do that. it raises the question why it hasn't happened. some of the reason we mentioned because it's more difficult than meets the eye. it still is a real risk. so -- but it's a high relatively high

impact low probability risk. relatively high impact, because even the blackouts for a couple of day. that's very serious in our area. we have experience blackouts. blackouts are very serious. it's not as bad, say, -- [inaudible] we still have to keep that in perspective. but the more serious every day -- relatively unsophisticateed steal money and credit card fraud and other form of -- it's relatively easy to defend against those threats. i think we have to say that very clearly. sometimes in these book presentations i ask the question to the audience how many people use a password manager? which is a soft ware to help you remember complicated passwords

that have bizarre combinations of letters and numbers. usually about one or two people use password manager. i would presume they are interested in cyber secure or otherwise they won't be here watching this. yet they are not using password managers. what i'm saying is, let's get serious. let's not just talk about cyber war, but actually think about it. >> so from your point of view then, dramatically simplifying you're obviously not saying there is no -- [inaudible] just the threat is not necessarily the headline one. it's actually a much more mundane but still serious. but the thing is mugging is -- it's a greater threat than terrorism. but on the other hand, terrorism worries us much more and more dramatic. lelt lead it back to war. isn't one of the challenges not

that cyber methods sport men with guns, but they can actually enhance the impact of those people? >> yes. absolutely. that is why i'm suggesting this terminology, sabotage, espionage, and subversion. because these activities that i usually are happening either in the context of ongoing military operation, if we have military confrontation or even without military operations, sometimes -- without people trying to identify who they are. indiseed, as you say, we have seen instances where computer attacks have been used in the context of ongoing mill fair operations. one of the example that is often cited is the israeli force successfully blinding the syrian defense radar station in 2007.

the leader of the particular operation a very murky, we don't know exactly what happened. we have to speculate to a degree. >> so it raises an interesting question about possible future confrontations. sometimes people have syria on their mind and when we talk about cybersecurity in these days, and there are two questions. one, what is syria able to do to save the united states through cyberattack in retaliation? and what is the u.s. government able to do in order facilitate a military strike in term of cyber operations? >> very quickly two responses. so let's assume for a moment that the nsa, the u.s. intelligence community has the capability to blind --

[inaudible] it's a difficult question to answer. if they should actually use that capability again syria, because they would probably set a precedent. they would giveaway tactical and technical information on how to do it. which means it may make it more difficult against a more serious and powerful opponent down the road. it's an intry candidate decision to use these facilities. it's never done in a major way. what is syria able do in retaliation? so far, i think it's remarkable how ineffective the electronic army has been. they were able to hack website at "the new york times," parts of twitter come to mind. hack the ap twitter account. that's not technically very hard to do. if that -- they haven't achieved any seriously technically impressive

systems toward harder systems. maybe it's -- [inaudible] or even possibly state battled actors. >> rounding out this rather upbeat message, that basically threats. they're not necessarily going tonight mare scenario. one of the element of the book you talk about the retreat from violence. that actually -- [inaudible] the picture often presented is that the nature of the potential cyberattacks fragment and create a high-risk environment. you saylet look at the plus side. would you mind talking about the retreat a little? >> when i wrote a book and -- [inaudible] national war in the context. and when i look at the cases that we've seen in historical

comparison, what really leapt at me is that sabotage. if one of the most drastic example of computer sabotage was an attack against -- saw ya -- [inaudible] 30,000 of the company's computers were damaged by -- not hardware but the soft -- software was delighted. -- delighted. -- deleted. it was near catastrophic for the company. it couldn't get work done for an entire week. the oil production was not effected. it was nonviolent but effective. we have seen other examples where entire nations are really scared it was on the computer attack. estonia comes to mind. again, nonviolent. people were genuinely scared and the trust in the government was perhapses briefly called to question. that's interesting, because we

are situations where somebody is using a nonviolent instrument to achieve an effect that previously probably would have required from use of physical violence. and especially trust, i think, is a highly interesting -- [inaudible] with the new development. they may be able to undermine trust we have in systems and really systems -- in ways we haven't properly understood yet. if you are willing to follow me until here with the argument that trust can be a target, and again, consider -- [inaudible] iran's nuclear enrichment program. the actual time of the attack was trust. the trust that the iranian engineers had in themselves the goal was an entirely clandestine operation. the goal was to make them believe they just can't make

this happen. if you believe you are the problem, the problem is rather hard to fix. if you realize somebody is doing this to you, it's easy to fix. so that was a psychological operation. trust is an interesting aspect in this debate. i think, once we understood that trust is such a key feature, then education comes in a major way. because if we understand, for instance, that some -- only effective because we are scared and not because they are physically such a powerful impact. again think of the ap twitter hack. the financial markets were so confused about what was going on, because ap was suddenly tweeting there was an attack on the white house. there was confusion, a lack of trust, and for a couple of minute there was damage. if we learn that some situations will happen, arguably estonia

today wouldn't be that scared anymore. [inaudible] then rather bizarrely it doesn't imply to you. -- [inaudible] >> it's interesting. in that context, almost by we go full circle in thinking of this in term of the notion that, you know, war is a continuation of policy and the mean. if everything comes downtown political, then precisely a particularly effective twitter hack could be far more effective than ab air strike. i mean, maybe what we're seeing is a whole notion of what war means being redefined. i think as a sort of a philosophical mode operation, i would recommend always, you know, we talk about new technologies here. naturally, there's a tendency, i have it to think oh my god,

everything is changing now. i have the new iphone. in fact, some things may not change. i troamed check your enthusiasm at the same time. i'll give you an example. a lot of people are concerned now about computer-controlled cars. the self-driving cars and the self-parking car and whatnot. theoretically it hasn't happened as far as we know has never happened. theoretically you could cause a car accident through a computer attack remotely. now lot of people simply think, oh my god, car cyber war is just around the corner. i would say, okay, that's a real risk, it could happen. imagine what the consequence would be. the consequence would be huge media outcry. two people killed in car cyberattack. the next result would be nobody would buy it anymore.

so the market, if you talk about large numbers here, then the market is able to react in a way that is not the case in this control system environment. because it's so small and -- >> okay. we can e knock late against the fear. we are almost -- we are on a time table. what i would like to do is open it up to questions from the floor. all i would say is, please, wait until you get a mic -- get the microphone when you are called on before asking your question. try to keep questions short and questions are not statements. who would like to start? don't be shy. the gentleman in the back. >> i'm interested in from the law enforcement oar the

enforcement -- or the enforcement internationally where, you know, recently i think "the new york times" among others was attacked by something called a syrian -- what was -- [inaudible] >> okay by the hacking group that people suspected supported by the syrian government. whose responsibility is it to try to thwart this? what sort of enforcement mechanism could be organized internationally to try to go after these criminal activities? how to we organize against this type of attack? >> so the -- in many cases, one of the big

problems that stand in the way of reacting to an attack is the question who attack you in the first place. who did it? and the debate this is known as the atry biewtion of the problem. attributing agencies. and it's a difficult problem. let mention the syrian chemical attack as a short example. it's actually something interesting -- [inaudible] the evidence that the assad regime had to use chemical weapons was quite strong. i think most people would agree this is the case. even in this situation of some of the country in this case the united states with the help of allies producing strong evidence that the specific of the attack has taken place. political opponent -- political opponents others were able to still deny that. russia called the evidence in to

question, of course, syria did. that's interesting. we can expect even if we know in the case of cyberattack, even if somebody is able to produce technical evidence of high-quality, that some people would still be able to deny this. and really deny sometimes the people will be skeptical in tough situations. when an agency is coming forward making a statement. some of you will remember there's a history of intelligence agencies getting important information wrong. that's a tricky situation here. the the the attribute. -- [inaudible] as it did in syria.

whose job is to deal with the issue? >> it depends on what we mean by these issues. so cyber -- as you said in your introduction remarking slapped in front of all sort of other things. that means there should be one entity in charge of dealing with all of those artificially cyber things. certainly not -- so in the case of the new york time attack, the syrian electronic army, whatever it exactly is. i think it's a number of quite younsyrian. some hackers who -- some of whom may not be in syria, interestingly. who is in charge here? it dependses on where the attack comes from. which jurisdiction. you can trace and not attack. if you could trace "the new york times" attack to, say, germany, sometimes it's possible to do something like that.

then it's easy to call up the german authority, present the evidence to them. go knock at the door of the personal and you have a judicial process that takes over. that's one possibility. it really depends on the case. >> okay. >> next question. >> okay response part of the question -- part of what you said was that cyber war is not cyber war because it doesn't involve physical attacks, and you mentioned that sitting in the room we are invulnerable to it. my question is -- i have a couple of scenarios i think it could possibly cause physical harm. such as, taking down air traffic controls, shutting down power

for life support in specific buildings, radar or satellite-guided missiles. things of that nature. dhowf you think that -- how far do you think that is presently possible or possible in the near future or it actually will. these are things, i'm thinking, can actually cause physical harm through cyber attracts. that takes out that element. we are impervious. if you are on life support somewhere in a hospital and somebody is able to cause a power failure then. be loss of life. same thing if you shut down air traffic control station, and, you know, plane has an accident or something. it would be loss of life. so do you think that is a possibility either now or in the near future? >> yes, it's a possibility. something like that could happen. i'm clear about this. there are some trends that even are giving rise to being worried near possibilities.

butlet, again, keep the discussion grounded. there are enough people speculating about what all sort of systems could possibly, in the future, be hacked if they are ever, you know, there are documents. a sometimes use the example from this manual that some people may be familiar with. people are discussing scenarios of some entity in the military concept hacking the pacemakers and enemy commander and letting the man suffer. reviving him again, suffering again. there are no limit to the imagination if we want to come up with that. there are -- [inaudible] today no pacemaker is conducted with an ip address to the internet. occasionally there are report it is could happen. it hasn't. right now it's -- [inaudible] if something is truly critical, there are people who think about security seriously as well.

they may not always succeed. you're right, it could happen. let shift the debate for a moment to something else. i heard from somebody in the intelligence community about the snowden leak. this is our cyber 9/11. especially where we are sitting so close to where it happened, this is very strong statement. but he said outside of 9/11 we imagine it differently. now this -- i think this is where i think the discussion is a bit far. we're being lead by our imagination, not by the problems we're solving. but let's think about this statement for a short moment. i think the more conversation i have about the snowden leaks, the more i think -- i appreciate the magnitude of this event. this is the biggest intelligence leak in history, period. nothing comes close to it.

we haven't fully understood the consequence. the political consequences as well as the tactical consequences. i'll give you one thought just to keep you -- just to provoke the audience a bit. in 1970, some of you may have seen the film -- [inaudible] about terrorism in germany in the 1970s. where militants on the far left-leaning extremists terrorized germany for a few years. the head of the police was a forward-thinking man. he understood it's not a few individuals. 20 or 40 extremists. this is an ideology that reaches deeper in to german society. does that apply to the snowden situation as well? what i'm trying to say is not to compare it, but does it stand

for something bigger than some guy who wanted to leak information. it was obviously the public outrage about what the nsa is doing. especially in the united. it's massive. so there's a huge concern right now in people's -- among people inside the intelligence community in government who think, well, t maybe not even just a problem of vetting. it's not a problem of explaining what we do. we actually, i mean, possibly there has to be some very serious change, because so many questions until the ideology will recruit itself to the next snowden. it's actually leak in this day in age to leak large volume of information. what is the ideology? is it -- [inaudible] for those who are familiar with the 1990s history here? or really should we go back further to maybe the revolution? is it really freedom the

ideology. these are really tough questions. some liberties and civil libertarians, are in a way, the foundation of what happened. we haven't discussed those questions. these are far more fundamental for the future than the scenario of hacking a car, i think. >> that's, i mean, that very much speaks to the philosophical issues about how far the attacks that can take place through cyber means affect us and makes afraid and makes question various things. just not very good nuts and bolts, i think. as much of anything else somebody takes planes quite often. at the present moment, is it possible, for example, to hack to air traffic control systems in a they could cause more than convenience but have the devastating effects that people speculate about? >> it hasn't happened in the

past. is it possible? we have to be cautious. i wouldn't say it's not possible, but if you try to speak with people in the electricity sector about the possibility of crashing the grid through cyberattack dwsh which also has never happened. nowhere on the planet has ever happened. a blackout was caused by the attack. if you think brazil it's a wrong example just in case -- [inaudible] didn't happen in brazil. >> it's hard than question. obviously, if you operate a grid -- i had this conversation with people in charge for cybersecurity. four large electricity company. of course, they don't tell me, they don't tell anybody in the public domain what their vulnerabilities are. maybe that's not a good thing. t a tricky space.

>>.net worry, don't worry, the microphone is coming. [laughter] okay. i definitely understand your perspective on the threat of cyber war being overstated. and potentially used for political or commercial gains. however, looking back to the georgia, russia war in 2008, where russian agent were able to disrupt george median through do sergeant attacks or ddos attack. do you think cyber sabotage will be used increasingly in conjunction with actual force? >> yes. [laughter] we could move to another question or do you want me to elaborate? >> there's no question. if you have a target environment that lends its to using computer

attack to enhance whatever other instruments are played, of course it really is. the question is only how important was that effect be? if we look at georgia, the attacks that happened on top of the military operation. it creates an additional degree of confusion. of course, it was blended with good electronic warfare technique in the context. it's -- it was part of a larger picture. it added the degree of confusion especially for the foreign office, which wanted to get the information up to the world what is going on. they are ultimately -- [inaudible] in order to get to the press release out. what the internet took -- the internet gave us back in a way here. so it's -- yes, it will be used. it will probably be a factor that is significant.

what is the most important one in the future? i would still be skeptical. especially anybody -- this is really, i think, an important qualification here. in -- when secretary of defense panetta was to speak about cyber pearl harbor, before he left the pentagon, he suggested a medal for fiber-operated and drone-operated. what has been hire in the medal in the hierarchy. there was an outcry among veterans who say wait a minute. are you serious? people who are -- in front of key boards thousand of miles away from the war or still on the military base where they had joy stick. they should be rewarded with the same medal, even better medal

than people who do not fight the real fight. t scary. anybody who has been to a war zone, and, new york, i think almost, i mean, some of you may have experienced this on nieflt. we -- 9/11. we have to respect violence. i felt like in the department of warfare -- it sounds strange, we have lots of veterans we are teaching. people in active duty, people who are studying war. i felt unconsciousble talking cyber war. it doesn't feel right in retle -- relation to those people who have experience. i don't like the metaphor. for me the big reasons go back to initial -- why write the book? it was an mother-in-law thing as well. i thought something is just wrong. i'm born in germany. the word cyber kreig sounds ridiculous. >> patricia then nick. >> hi, patricia for the center of global affairs. i'm a master student here.

i think the common perception when a tactic of what warfare is to be implemented in this case cyberattack, cyber espionage, cyber sabotage we think of it as tsh when coming from throughout. is there a consideration in the intelligence committeety or the cyber -- i don't want to say community but that internally what we would consider to be a threat to national security maybe coming from within our own borders. for example, 9/11, obvious obviously, it was a terrorist threat to the united states by islamists fundamentalist group. timothy mcveigh created the same type of chaos and terror. he was a home-grown terrorist. in your discovery and research

for the book, is there any inkling has it crossed anyone's mind with the defense industry that cyber sabotage could be internally created and perpetrated? >> there's an entire debate on the question calledded" inner threat." we look at the records here, there's only been one successful cab tong attack ever against critical infrastructure. only one was done externally. that was the -- [inaudible] i think it's safe to say by the united states and israel against iran's nuclear enrichment program. all -- [inaudible] are insiders attack. why? if you work for a company and run the specific control system, you certainly know how to stop it or damage that system. we have seen instances where

disgruntled employees, even in this country, there was -- two disgruntled employees sabotaged traffic maps. it took six hours with the dreadful experience for people to stand in traffic jams. there are other examples one, an especially graphic one. a disgruntled employee used the knowledge of the sewage plant to spill it across the significant area with hotels and everything. it was rather ugly, i'm told. so there ared ared inner attacks. it's a huge problem. people know systems and can attack the systems. in a way, snowden, although i hesitate to use him in that list, snowden also was an attack .

>> last question is for nick. dr. rid, while the global comment is only 20 years old. although there are clearly issues with the -- twroord conflict in cyberspace, don't you feel there's something the international community can be doing better regulate cyberspace if only to deal with questions of peace and conflict. should they be institutions built to better regulate the global commons? it's a separate and huge and touching really touching on the debate in the book. i think the situation that we -- there's a global government.

first of all, the institutions that control and regulate what is going on in the internet there's a degree of regulation required to agree on protocol when naming cob -- conventions on ip addressing conventions, its. you have possible -- are possibly familiar with thom -- some of those institutions. you are, i think, talking about the larger international global government. [inaudible] yeah, establish. yeah. establishing norms and possibly regulating about cyberspace is a huge debate. on that level, i think this is a degree of -- there's a little bit of contradiction embedded in the debate. i think what we're seeing, no matter what is being discussed at the international communication union, or international -- global govern mans and there are a couple of those coming up in the next month.

[inaudible] the reality on the ground is that in many countries there's a technical infrastructure in place that already determines the internet experience in those places. for instance, in some european countries and the u.k. is one of those. you cannot watch "the daily show" online. serious. in other places, in china, you will be watched -- your key words will be watched on specific days you, i mean, it's a censored environment, basically. the comment about the "daily show is" [inaudible] i didn't mean to accuse the u.k. of censorship. in other countries, in other countries the local internet experience is very different from, say, here. it raises a big question. what is the normal internet? is it the free internet we are used to? in europe and north america?

or normal internet experience today already a heavily restricted one that blocks specific sites? specific applications? for instance, facebook and twitter in china are blocked, obviously. iran is now. if we go by the numbers, then today the normal internet experience may already be one that is heavily restricted and controlled. because the numbers -- the large numbers of users are in those countries. that's a really sobering question. you know, the snowden revolutions and the reaction to the american reaction to the -- what the nsa was doing and the way it's being interpreted now is making that problem worse. because it makes it easier for countries like china or russia to say, really, you're turning us to spy in and to which i respond, yes, really.

we're turning to you to spy. the difference in kind. i think it needs to be repeated here publicly, progressively, and very clearly. the nsa and -- they are not spying for commercial gain or doing intelligence operations to suppress political disdons. and other countries that -- [inaudible] if they are feeling em boldened to point a finger there are still different. it's an important difference. we shouldn't forget that. >> thank you. it's one of key conflict in the future is precisely how we define access to the internet and so forth. i know, there are some of you that like to ask questions. it's a good and stimulating topic if precisely it never runs out. i'm afraid time has run out. what i would say is, thank you

for coming. secondly, please stay and have some wine and nibbles. and obviously buy a copy of the book. i hope it see on the 30th of the october which is the next speaker event on "citizens versus organized -- crime. thank you to the guest for coming and presenting to us. it was great. [applause] [inaudible conversations] is there a non-fiction author or book you would like to see featured on booktv? send us an e-mail at c-span.org. or tweet us at

@twitter.com/booktv. next debra spar president of a college. this is a little under an hour. ..