you can find all of this onnext, a discussion russian cyber operations. this is 90 minutes.

>> it is a wonderful panel we have today. , david sanger, and fiona hill joins us from washington, currently at the brookings institution, had been national intelligence officer for russia. welcome back. thank you everyone for cramming in here to the absolute full house. absolutely packed. havell note that if you

your cell phone on, please turn it to silent or turn it off, a remarkable idea. live tweet, goo for it. it is on the record. have at it. , we it comes time for q&a do have microphones on the left and when it is time for questions, please use them. and way our audience here on tv will be able to participate and hear what we are talking about for the q and a. with that, let's begin. , fiona,sk our guest tell us where we are at with russia today. we have a new administration that comes in with a slightly different approach and thought about russia then previous administrations. set the stage for us, if you would, where we are at with russia today. thank you for being here. ms. hill: it is great to be back at harvard and see so many

familiar faces. , we areing the enough not at much of a different place than we usually are at the beginning of administrations. there are plenty of people in this room who will think back, sorry i don't want to be rude to anybody, back to reagan-gorbachev, when ronald reagan wanted to change the trajectory of the relationship with the soviet union, and did through summits with mikael gorbachev, and successive had to rethink the relationship. they have all tried to find new relationships, so that is not unusual. what is unusual is the backdrop to the presidential election here in the united states with an unprecedented level of efforts by russia to have some

kind of influence over those selections. byhas been hotly denied moscow, but the reason we are having this panel, articles from others,anger and that is meant to throw us off the scent of what is happening. also efforts to influence elections by russia or the soviet union, the choice of leadership, the choice of kings and queens, it is also not unusual. this is not unprecedented for an outside power to have a say in what happens with another power, and adversary or friend. technologythat the we are here to discuss has given everybody opportunities to have influence in different ways. anyone in this room who is able to code can hack into somebody else's computer.

back in the day, it was more difficult to have political influence. you had to spread rumors, physical spies in different to swayor even people the day. now we are in a situation where with a few taps of computer keys , you can have a major impact, or at least have people talking about that impact, so i would in anthat we are not entirely unusual and unprecedented position, but the scale of the efforts we have seen to have an impact in u.s. politics is somewhat unprecedented. >> excellent. thank you for that great opening. if that is the intro for the russian side of the story, help us think through the cyber side of the story. mr. buchanan: that's right. thank you for coming. it is a pleasure to be here. a lot of things are new, and a

lot of things aren't new, and that is true on the cyber side of the ledger as well. russian cyber operations go back a long time. one of the first operations, moonlight maze, late 1990's, and that was tied clearly to the russians, so this is not new, but for those of you who might be new to the cyber operations, a way to conceptualize them is that we have a category of thistions, espionage, and is an old tactic in new clothing, gathering information through signals intelligence, and this is incredible by able to nations today. it is difficult to overestimate the degree to which modern nations including the united states and russia rely on signals intelligence and cyber intelligence to inform their decision-making processes, and also sometimes in 2016 to leak information and carry out influence operations. that is one side of the cyber ledger. the other half is holding

targets at risk or developing attack capabilities. the russians have done a fair amount in this area as well. what is significant is here for those who have not studied cyber operations before, if you build a missile, you build a missile and target later. if you want advanced cyber capabilities, you need to do reconnaissance and prep work in the at the sirs network well before you want to launch the capability. the russians doing some of this prep work before. so this is a significant part of their operations, even if it is not a high profile influence our espionage operation. make no mistake about it, russia has recognized the power of cyber operations to steal information and attack. >> terrific, all right. well not terrific for victims of russian attacks, but terrific for opening comments.

you wouldk the two if together with a wonderful story int you had written back december, december 13, on a saturday, a very detailed account in the new york times called the perfect weapon, how russian cyber power invaded the united states. thanks.er: it is great to see so many friends here. thank you for coming out. this piece, and it is a long piece, about 7000 words long, was an effort to do a reconstruction of what had happened. the title of the perfect weapon came about because the more we discussed it, the more we came to the conclusion that it was perfect for the situation that russia finds itself in today. russians, like the iranians, north koreans, in fact like a must everybody else, do not see

any advantage in confronting the united states frontally or any advantage in doing anything that would actually provoke a major response or certainly a connecticut response. response. russia is well-designed as was pointed out for the option of doing a low level attack that could be used for espionage, could be used in this case for influence operations that merge a very old soviet tactic from the 1940's with the very modern technology of cyber. or it could be used in a much bigger case for full-scale attack, what the united states did in the olympic games against the iranian infrastructure. and so the trick for the russians here was to find something that was inexpensive, would countd that inabilitylity or our

to both detected quickly and to respond decisively. now on that last point, counting response,. for a slow and then for a confused one, i think they got a payback that was bigger than they ever possibly could have imagined. just to take you briefly through the timeline for any who may have missed this, the united antes was first alerted by allied intelligence service about an attack on the dnc, and intrusion into the dnc, in the fall of 2015. because the u.s. never wants to reveal exactly where the dhs,ligence came from, department of homeland security, the fbi sends a mid-level agent out to go find a completely group that was

defending the dnc's computer systems. i would not say defending the dnc's computer systems. they were hanging around the dnc computer systems. the special agent calls, leaves a message, asks for a callback. the person running this, you can't make this stuff up, doesn't believe he is from the fbi, but doesn't check or callback for a while. in the standsths back and forth where they are presented with the evidence, the fbi said a group called the appeared to be responsible for this. this is part of russian intelligence. thathe response is so slow the president of the united states did not actually hear about any of this until june 20 16, 9 months. hown era when we talk about

cyber means we have to be able to respond quickly, have a playbook ready, be able to look at an array of options, whether sanctions or a counter cyber attack, or some other form of active defense, or something you, you can't do that if are responding this slowly, and in the interim, what did the russians do? intowent beyond the dnc the email accounts of john 2016, whoho in march is chairman of hillary clinton's evidence of found 128 private email accounts within the clinton campaign they try to get into. they actually only broke into two. why did they only break into two? people did noto have two factor identification on their email.

if there is a lesson, it is subtle am a bit out there, leave immediately and put your to factor identification on. they gathered all this stuff from john podesta, who had checked with his i.t. people and somebody still hit the button that i allowed a spear phishing campaign to get his password, and it was months later after another attack was discovered, gru, thecally by pg people discovered what was going on, cleaned out the dnc hard drives. by that time, the russians had everything, and the first material was made public in the mys before the opening of the a craddick convention, and that of the set of releases internal dnc material that led to the resignation of debbie wasserman schultz as the

chairman of the dnc, and then they did a another set of releases during the campaign, the podesta female's, most of within hourseased of that now famous videotape of then-president -- then candidate trump saying some fairly crude things. the release of the emails came 24 hours later. these came over several different channels. first over to bank channels we believe the russians themselves not enough when people were clicking on those, somebody gave the material to wikileaks. so what was unusual here? first, we had not anticipated. we had a failure of imagination that the russians would take a series of techniques and used it against the united states.

we failed to anticipate that a group like the dnc or rnc would be easy targets. thirdly, we had an fbi that responded so slowly that they never did what we did during the iece,ting of the p walking between fbi and dnc. this would not have required a lot of effort on their part. then fifth, president obama when he got the data did not want to be accused of getting involved in the election on hillary clinton's behalf, so he reacted fairly slowly and carefully. we reported in late july that the intelligence community had concluded the russians were behind the attack. the intelligence communities first published attribution of this was not until october 7, and the u.s. response was not

until a few weeks before president obama left office, so if you're looking for a case study of how not to respond quickly to one of these things, you have got one. >> that has got to be maddening, and one of the best things about moderating a panel with david sanger is he can't ask you to explain why the government was so slow in responding, so we will leave that for the q and a. let me come back to ben to take on an article this morning from the new york times to contrast -- the article this morning in czechoslovakia suspects a foreign power in gmail hacking. what do we make of this? is this the russians? is this the part of the playbook? there is no:there is no

doubt in my mind this is not a new trick. 1845-2000, the united states and russia, then soviet union, combined to try influence 117 foreign elections, overtly and covertly, so this trick has been around for a while, but doing it in an electronic fashion is new, and there is no reason to think the united states in 2016 was the first it inhe russians tried elections in 2014, ukraine election, there is pretty good evidence the russians were involved in that. and what appears to be a successful 2016 campaign by the russians in the u.s. elections, there's no reason to think they will stop. we have heard from folks in europe that the russians feel like they got away with it, so nothing will deter them from doing it to us, germany, france, czech republic with elections coming up are quite concerned, and in my view, rightfully so.

the question for those nations is what are they going to do about it? pursued a policy of calling out russian hacking far more than any other nation, and it is not clear that that is itself deterring russia, and smaller states like the czech republic, who might not have advanced cyber security or a history of working in cyber operations have a lot to be concerned about, so if you are looking for new stories in 2017, this is one that is not going away, and this is one that will get a lot of attention before -- fiona up on this, an article on the brookings website, what makes putin ti ck and what the west should do. it is worth reading. one of the opening lines is that we may have underestimated his willingness to fight for as long

and is hard and as dirty as he needs to. is this an extension of that? the kinds of activity, an extension of that argument? ms. hill: it is. one of the reasons is the ,onclusion of the 2015 book precisely because the analysis prefigures this. it was mostly focused on russian , sovity in eastern europe the failure of imagination was the failure to extend it to the united states and larger western european countries, but just to pick up about the question you posed to ben. in december 2016, the head of german intelligence also announced come and this has been picked up in the new york times and elsewhere, that the personal email accounts of the german parliament has also been hacked, and presumably other accounts as well.

there is evidence of shelled bank accounts in switzerland for a more conventional type of influence operations, funding parties in advance of german elections, so we can fully anticipate the kind of activity we are seeing an countries normally not on the front page of the new york times, moldova, belarus, montenegro, the kinds andperations to influence pushed the tide of elections there to be attempted in germany, the czech republic, the netherlands, french elections are coming up, although there seemed to be self-generated problems in the french elections, although one could information to the kinds of sources we are talking about as well. this is a pattern that has been continued for some. of time here at it is just now bit it is in our own backyard.

failure said, it was a of imagination on our part not to see this given back if you go back to the 1980's and further, this is a feature of the kind of cold war activities that we and the soviet union were undertaking. putin is a former operative in the kgb. he continues to think like an operative. he himself is extremely proud of that skill set he acquired. he talks quite frequently of being a specialist in human resources. shies away from extolling the virtues of the techniques he learned to play dirty in the kgb in politics, and he saw in the u.s. political race, something incredibly contentious, we are familiar with the nature of the political

through, and an incredible amount of opportunity to exploit on all fronts. putin and the people around him are strategists. we always under and have underestimated for the reasons my colleague mentioned and why i wanted to write this book about putin, is that we always assumed he is an opportunist. advantage ofe opportunities unless you have an idea about what you would do with them. the people who came out of the kgb like putin were trained in contingency -- but also have clear goals about what they .anted to do, been long time, putin has in the interests of russia first read this was his slogan back in 2000, not just picking up on the meme of the moment. when putin came into the presidency in russia in 2000, his whole manifesto that he

announced at the end of december 1999 was to put russia back on its feet, first internally, domestically, then as a great andr, and it numerous times many speeches he has made through his presidency's and the beginning of his various presidencies, he wants to make sure there is geopolitical and geo-economic demand for russia and russian is one of the big players. hehas also made it clear will use whatever means necessary for this. what david said about the asymmetry of power is important. putin is also quite cautious in his application of force and violence per you see that in domestic politics as well. there are a lot of policy steps may domestically that are meant to have an influence on others, very selective targeting of individuals. in foreign seen that policy as well. when clinton and the russians target a country, they often target an individual.

a classic case was our elections with hillary clinton who they saw as a threat. you can all see this in turkey -- also see this in turkey. after the shooting down of the aircraft by the turkish military , the russian aircraft that made a small incursion into turkey's airspace during the syrian targetedin 2015, putin all of the russian establishment targeted not the russia turkish people, but president erdogan directly. out the dirty laundry, the information circulating in the turkish press and has led to the arrests of turkish journalist. he said it was a stab in the back that he and president erdogan had secret deals behind the scenes about the kurds in northern syria.

he went after president erdogan and the turkish government with a single minded purpose, putting sanctions on them, basically forcing the turks to eventually capitulate in terms of giving an apology for the shooting down of the plane and turning the screws on turkish front abilities with the kurdish situation in syria, and after the coup this past summer. those are the kinds of actions we see repeated. in smallern it countries repeatedly. we are seeing the russians feel emboldened on doing this at a larger scale, and they see this as fair game and part of a totality of instruments. cyber is just one of a whole number of strategies and mechanisms. ask david to pick up on something you were talking about. in terms of the asymmetry, the point david made earlier about cancyber capabilities be the perfect weapon.

as a journalist, you are in a powerful role in communicating these activities to the public. the government does not talk about it. the only opportunity to learn about what happens is through a handful of journalists, and david has been reporting on it longer than anyone else. how do you think about evidence? how do you think about the standards that are needed to say that everybody is denying it, but here is what we will say as a paper of record? mr. sanger: thanks for that and the reminder that i'm the oldest site reporter wandering around. [laughter] first, the first thing to remember here is that this was not the first time by a long shot that we saw russian intelligence operations, even in the united states. earlier inet that the obama administration that we had seen three espionage only attacks.

one on the state department, one on the unclassified females in the white house -- emails in the white house, and one on the joint chiefs of staff, that being the scariest one because supposed to be the safest zone in the government. it was not the russians who went in to the office of personnel management and got the 21 million files. that was the chinese, who beat them to it, but it was in these other cases. so in each of these other cases, there is of course the forensic evidence that you see, bruce and others here can talk about that, but there are certain patterns. the russians in the case of this hack used some very familiar techniques and tools. they used to familiar ip addresses that have been used

elsewhere. of course you can fake and ip address and borrow someone else's tools. you get to a point where there were enough of them that it becomes significant. motive,ondly, you have and i think fiona alluded to this when she mentioned hillary clinton. vladimir putin has made no secret of the fact that he believes that secretary clinton in her last year as secretary when she commented quite publicly on the 2011 russian parliamentary elections and declared that they had been rigged, in putin's mind, she was interfering with the russian elections, and i think it was a fairly reasonable guess, but again it still guesswork here, that he was seeing this as something as payback for something she had done. but the truth of the matter is it that the only way you get truly convincing evidence is if tap of a verbal

conversation in which the people are doing this are discussing it, or you have implants inside which younetwork in can see the traffic. the dnc email suddenly show up running through an implant that you have put in the russian systems, you have a pretty good guess how this all came about. thisis the hardest part of whole bit, because revealing implants, revealing sources, is the most difficult element of it, and so the u.s. government turned out an intelligence report in december that laid out their case. on allutterly unhelpful their questions you just described, but we quickly found out there were two other versions of the report. intended onlys for a close to session for members of congress, which is to

say that it was cleaned up with the understanding that the leak would happen between 10 seconds and 10 minutes after the meeting ended, and then there was a compartmentalized version, which is what was shown to president obama, and also shown to president-elect trump at that time and his staff. it is fascinating, because you never president trump say i don't believe it is russia. wen we get our reporting, got exactly what you would expect, which was that evidence showed evidence of that material inside russia. for am going to turn to ben a discussion about opportunism

and contingency planning. we will try to give a preference to students if you have a weston. -- a question. come to the microphone and get a head start. we talk about the need to think about strategic planning, not opportunism, what the patent playbook is about. but for cyber operations, can you help us think a little bit about the need for what you would call agility, because you don't entirely know every single step of the way if will be successful or not, versus the need to trade-off things strategically. help us make sense of that, and students, hit the microphones. >> this is a question that is particularly vexing. it goes back to what i said before about the need to develop access early if you want attack capability fixated.

we also should know that cyber operations are a complex beast. these are multistaged, and oftentimes they take place in target networks where access can be lost any given day, not from an update from a security improvement, but just because somebody changes their software from something 2.0 to something 3.0. you could lose access to the domain you are trying to operate. aere are real challenges, and points out the challenges on the defensive side, of responding to the operation you do detect, particularly when that interface points out theeaucracy challenges on the defensive side, ofthere are folks who will you on both offense and defense that the solution is to get humans out of the loop if , to fight in the cyber domain at machine speed rather than person speed, or swivel chair speed.

it is an admirable goal, and we have seen fits and starts in our intelligence that would make it thinkable in the long run. i think the resolution that is inescapable these days is organizations have to streamline the response processes and have people making the strategy and doing the plans who are comfortable with technical facts of the cyber domain, and who are comfortable with the fact that things go wrong and flexibility is required. it is fundamentally different than operating in previous areas of traditional conflict and nuclear can't wait -- nuclear conflict. i think when the history of this period is written, it will be written as a period in which policymakers are struggling to figure out how to operate in this domain. the subtext of that is probably

that the nation that does it best and fastest and finds its agility is going to have the most success. thatst a quick addition to , at risk of uttering the obvious, taking people out of the system sounds good for past response, but it also takes the superpower politics of it out of the system. you don't want to do at -- do that, because the way you would respond to a hack from north korea, as the u.s. did after the sony attack, could be quite different if you are responding to russia or china. >> i think we are going to be able to do another session here with the head of darpa. darpa ran a grand challenge last year about self-healing systems in computers, that can attack each other and feel each other without humans in the loop. that is going to be a topic we will explore here at the kennedy school.

one point before we go to the questions, there is going to be an element of all of us as individuals and often this as well -- involved in this as well. we are all going to have to be very careful about our own use of the internet. i have been personally hacked multiple times. it has been a very sobering experience. everybody a manageable -- everybody imaginable is trying to get hold of our data, individuals who want to basically get hold of people's identity information. i think it is going to be incumbent in this environment to not just go back and put in the necessary -- for gmail, but thinking about our use of all

social media. whatsappudents have a account, very recently, i discovered a colleague of mine had their facebook account hacked which basically infiltrated their whatsapp account. so i would advise all of you to start changing those settings .retty quickly the point is, we have gotten used to these tools as part of individual convenience and part of our lives. people are. the point, people are on their computers now, but we have made ourselves vulnerable to a range of individuals that want to attack us. .t is a sobering experience i remember back in the day at the kennedy school and here at was writing

everything down and notebooks. in some cases, we may actually ways ofanitize our operating because of the sensitivity of information, going back to the days where we did not have to blog and tweet. >> what a time. [laughter] get to the audience. please identify yourself with your name. >> i am a senior at tufts university. golding.s josh i will target this at dr. hill, but if anyone can answer, i would appreciate it. i am curious i you think internal competition within the russian security services will the frequency and scale of cyber operations. dr. hill: that is a great question.

obviously there is something going on right now, because we are getting information about arrest standings going on in moscow. every security service has competition. we have a pretty strict firewall between when our various agencies can do. the fbi has to deal with a lot of domestic political issues. the cia and other intelligence agencies deal with foreign intelligence and are not allowed, actually, to basically undertake any investigation that has domestic political components. i think the russian services knew that very well. they were able to take advantage of some of our firewalls. in this case, they have a lot of overlap.

i think they are very keen on , whong who is more agile is able to get the information first. it is not all about elections, either, because there is a routine to find out information about leadership in other countries, to find out information that would give the russian government a distinct advantage. obviously there is housecleaning going on, because there are all kinds of questions about whether individuals in the services provided information to the united states or provided information to other governments about what is going on, but i think this is going to be a very big issue that most of us on the route side will not know what is this is something that will be a feature in the next couple of years, and i would say we will see a lot more of these attacks as agencies are being compromised in russia. they will be trying to prove their worth again. i don't think this issue is going to go away, and it will be

difficult for us to deal with the complexities of interagency competition in russia. the russians also have an election coming up. putin has to basically put himself up in the presidential election in 2018. elections do matter in russia, because it is a way of putting fake back in the presidency. you can be sure that putin is to make sure there will be no outside efforts to influence their elections, as he believes .appened in 2011 and 2012 we can imagine more preemptive aggression coming from russia to make sure that nobody has any idea about intervening. 30-second supplemental? group thathe fsb's first got into the d&c, and it was months later when the gr you came in.

there was considerable speculation within u.s. intelligence that the two of them were not coordinated, and actually it is the gru that ended up getting caught and made a lot of this material public. i think that is some of the competition fiona refers to. >> if others want to hit the microphones, i would invite you to do it, but you over here, please introduce yourself. >> my name is grant. thank you for this panel. this week, "vice" magazine put out an article called the data that turned the world upside down. it talks about psychometrics, and enhanced form of demographic information, basically feedback from the clicks you made on facebook. they can put people in the categories and influence elections. say if i clicked on a few things, they know i am an anxious father about a certain type of issue, and they can target based on that through

dark advertising and other methods. my question is, we have seen this in campaigns. this was linked to the presidential campaign in the "vice" article. are we seeing these issues by state actors, and what are the applications of this? ben, you want to jump in? mr. buchanan: i think this handset a broader point, and that is that we have talked a lot about cyber operations. we have an event called russia and cyber operations. this intersects neatly with propaganda operations and what the kgb used to call active measures, false information, fake information. i think at some point the story will be written about the tv network rt, the online websi te sputnik, and a verifiable army of twitter accounts pushing

information. in some way, this is hidden in sight, but there is no doubt that is the piece of the puzzle i don't fully understand. sight, but there is no this notion of micro-targeting is important. i am not sure of the degree to which the russians have mastered micro-targeting in the way presidential campaigns have, in part because i don't think they can buy the data in facebook in the way that the obama campaign in 2012 did. the broader principle is the more data than does get out there, either through legitimate or illegitimate means, we have seen the chinese run a series of operations. .avid mentioned opm there are also hacks against insurance companies that gather data on american citizens. the more data that is out there, the more savvy intelligence services will use it as part of the operations that intersect with the cyber operations.

the question i get asked most often, usually by people who voted for hillary clinton was, can you qualify and the end whether or not this operation swung the election? i always say no, we can't, because the russians did not go after the actual voting machines. annedappear to have sc a number of registration databases, but we have no evidence they manipulated the votes so those 3 million illegal votes came from someplace else. [laughter] we don'tr: but because do that, we have no idea in the end how successful or not successful this was. and you are trying to separate it out in an election where there are a lot of factors. the statements made by james comey about hillary clinton z males. the fact that secretary -- hillary clinton's emails.

the fact that secretary clinton did not prove to be a viable candidate. that is part of what made the russians so successful, because not start-- they did this operation in 2015 when this all began thinking that they would get donald trump elected. most of the, like people in this room thought, that his candidacy would probably be over by september or october of 2015, and yet as time went on, it looked like their goals evolved, and they evolved because they were able to move from information gathering, which is where the fsb began, to making information public that might simply disrupt the election, make people lose confidence in our system. at the very end, if you believe in the u.s. assessment of intelligence, actively entering

on behalf of donald trump. dr. hill: what the russians specialize in, and this goes back and extremely long way -- we are in the 100th anniversary of the russian revolution. specialized in propaganda and these kinds of operations. it has been around for a long time. and when you look at what they have been doing for the last hundred years, these kinds of operations, they have been writing a type that is already there, exploiting vulnerabilities, in some cases, but really getting a nudge -- giving a nudge in the direction of larger trends. enin 100 years, l promoted all kinds of causes that were not intrinsic to the mission he was trying to take, such as the operations of

ukrainians and a whole bunch of other nationalities of the former russian empire. stalin co-opting them in moving their independence in the direction of the bolsheviks. all kinds of things. but i think we saw in the case of rtm sputnik, the russian outlets, they amplified trends that were already there, but emphasized the directions in which they wanted to see things going. they also, and i think this was written in a recent article that either you or one of your colleagues wrote, there is a counterintuitive element to all of this. the russians want to look good at what they are doing. they love that we are having this panel right now. c-span is here, but maybe we are live on rt.

we are all getting them to use. -- giving them cues. they really did a good job here in terms of their goals. they are probably working on our dinner at the same time. basically, they have loomed very large in this in a way they could not have possibly expected. this is also good for business. kgb andnted to join the basically went through a whole series of documentaries and films about the kgb and undercover operations during world war ii. you can be assured there are an awful lot of people getting recruited now on the background of taking down a titan of u.s. politics. they are doing it much more effectively than the chinese and north korean's. basically, russia is back in business. for a farmer, probably still

current, operative like to, this is -- former, probably still current operative like putin, this is a job well done. i do think there is some work that can be done by an enterprising graduate student at the kennedy school to look at how the release of that information drove traffic online and changed narratives online. that, i think, actually is measurable and research of all. right now i think it is a fair it is a little hard to point your finger on it, but there are a lot of ways to research this. how fake news compares to a "new york times" article. [laughter] my ego prevents me from giving you many of the results, but i can tell you that the fake news stuff gets you

repeated fast, which is why facebook, google, and others are looking for mechanisms that would say to people who click on a certain article or certain facebook post, hey, you should look at these two or three other accounts that suggest that what you just clicked on was complete fabrication. my colleague, with whom one of the two reporters i wrote the perfect weapon with, went out and found a guy living in annapolis who basically wrote a lot of this fake news. he said that if he could have made more money writing fake names in support of hillary clinton, he would have done that, but the market was for trump. question, we next will go for quick questions, and we will go for short answers, please, as we go down to final jeopardy. >> my name is jim. a student of life. i want to follow up on the influence of the election and

take news especially domestically with david sanger, though all of you are welcome to respond. oldare all aware this is an playbook on steroids and should be taken seriously, even if we should not panic. i think everyone sitting and standing in this room takes it seriously, but it is also fair to say that we are about 90% of the eastern intellectual elite sitting in this room, and there is a group of people who don't take it as seriously as we do. times" had an article weeks ago about trump supporters and russian hacking. there were three positions. on one end, it did not happen. in the middle, it happened but did not influence the election. on the far end, it happened, and it was a good thing that got trump elected. if perhaps 35% of the electorate who are trump supporters don't see russian hacking as a problem, what is the political

will, the reality domestically about how we can move forward on this with the money, the staff, the policy that we all think it deserves? great question. david? mr. sanger: first of all, this is a setup because jim was a graduate student trying to keep track of all of us when i was a student. he has seen the agitprop close-up here. ands a very good question, i think it is one of the reasons that use saw so many committees bycongress and many efforts the obama administration to set up investigations that would live beyond the obama administration. i think you are going to see a lot of efforts by the trump administration to try to make sure that this either goes away or there are distractions from it, and so forth. but fundamentally, the hacking investigation fell victim to the

same divisions within the country that made it so effective. i think what we are going to have to do, and it is going to be incumbent on all of us, is basically change the discussion and narrative and actually depoliticize this stuff if at all possible. it is right that it fell victim to partisan politics, and i have to say with due respect to some former senior figures in the cia , they actually did not help in this matter, in all beds and other articles they wrote where they declared themselves in favor of a particular candidate or made partisan comments, because the message overall should have been that this is a front to our national security -- an affront to our national security. whatever you think of hillary clinton, she was running for office as a legitimate candidate , no matter how contentious this election was.

if it can happen to hillary clinton, it can happen to anybody. if anybody is sitting in here and is a member of linkedin and has their personal information taken, we should be concerned, because many people in this audience will want to run for public office, just by the fact that you are sitting here and working at the kennedy school. anyone out there who voted for trump, they can have their personal information taken areas we know the time -- taken. we know the chinese have been doing this. i think we have to have a national debate. congress is the right place to have that. it is incumbent upon us to talk about this in a nonpartisan person -- nonpartisan fashion, and make it clear how serious this is.

>> also, had president obama, starting in july and august, come out every couple of days saying this is not about my support for hillary clinton, but we can't have a foreign power election and this is what the intelligence is showing us, a choice he considered and rejected. we might question, would that there are many former members of his administration who believe that he should have been a lot more vocal about it. mr. sulmeyer: i think it is also worth noting that senator mccain recently created a specialized subcommittee to focus on cyber security. i think what we should expect and ask for is our representatives in congress to spend a little more time specializing in cyber security oversight not just for the intelligence committee, but for a much broader swath of society. i think that is where we need to be heading. my son-in-law offers cyber

security information services to congress. mr. sulmeyer: wonderful. got him again shut out there. [laughter] mr. sulmeyer: we have a question? go for it. >> matthew, a graduate student. we spoke a little bit about providing evidence, and it seems the question about how we provide this evidence to the public to prove that these events are taking place, david, i got a lot more from your story then i got from the u.s. intelligence report from early january, which to someone who follows russia said absolutely nothing new. everyone knows rt is a propaganda outlet. mr. sanger: we still have more subscriptions than they do. [laughter] >> right, but i was wondering your views as to, with the limitations are releasing certain information, how can the fact that a lot of people in this country still don't believe

this happened, how can we combat it? as somebody who went in with no background in intelligence to the national intelligence council, it is incredibly difficult for an intelligence agency to write something that is more .nteresting than that summary that was literally the most sanitized summary they could have put out. as david was saying, there was always an anticipation that the redacted version would be linked as well -- the unredacted version would be leaked as well. when they are late, we are put in danger. i do not have any information on the arrests in russia, but if they have anything to do with that, you can see the consequences. these are life-and-death consequences for people who provide information. what i was going to suggest is this is something that is the

role of congress. the intelligence community is in a difficult situation, because their first priority is national security and advising the president, but congress are representatives of the people. lindsey graham came out and said he had been hacked. when members of congress have had these experiences and bacon -- and they can find ways to reach out to the constituents, this also plays an important role -- the people who voted for them have a degree of trust in them. we have a problem with trust in congress at the moment, but we will have to work harder in restoring trust in some of our public institutions. i do think it is significant that president trump said he believes it is the russians, and -- had he been more adamant on that side, that could have had an impact without revealing information to many of his supporters. right toe was also talk about how china and other .ountries are involved in this

we have always had a hesitancy -- and we had this from the point of view of the brookings institution having been hacked repeatedly, and constant denials of. we have always had a. we have a whole issue now of basically cyber hostagetaking, where people take down your systems and you have to pay with bitcoin to free your system. need to be more transparent and open about talking about these. it is incumbent on all of us .itting here we won't get anywhere unless individuals start taking us seriously. mr. sulmeyer: i need everyone to work with me here, keep the answers brief, please. mr. buchanan: i have had a long debate with many in the intelligence agencies about whether they could have offered the way of more -- offered more in the way of intelligence.

private companies could have come out and ratified and said their analysis was exactly the .ame as those private firms i think they probably could have talked a bit about having evidence affirmed from implants they had in the russian systems. it is not exactly news to the russians that we are inside their systems. i think without getting's so specific that has endangered lives, i think there are ways to do this, and i think they are stuck a little bit in an old think about how you handle this. mr. buchanan: to emphasize what david said about the private companies, it is worth noting cyberalking about security is fundamentally different than talking about chemical weapons in syria. you have the private sector working with cyber security companies.

based on private evidence alone, i was convinced and happy to stay on air in different forms by july or august, because of the reuse of certain forensic indicators. i think that is the area of the intelligence community needs to adjust, both in saying we cannot piggyback on the private sector, and when should it fear what the private sector will say? some companies have an effort to get attention and have been very vocal in a way the intelligence community does not always agree with, but i think that were errors a rethink on the intelligence community side. ben has targeted this in a recent paper. feel free to check that out. next question. >> i am in matthew student at the kennedy school. i have a question in regards to the upcoming european elections. expectd we should continued russian interference in those, and you spoke about the various shortcomings in the u.s. response.

i would be curious to hear your views and how far you think european countries will learn from what has happened to the u.s., and how much they have been stepping up their defenses, and how vulnerable you see these countries. the germans have a vulnerability that is a little different than ours. we were made safer here by the fact that our election system is space --ate across the there ise states, and opposition to having a centralized system and the federal government, that you would have to organize based on states. europe.sier in they have a set of problems that go beyond ours. overall, some of the countries like germany and

france, the united kingdom, for example, they have more integrated intelligence communities that are much smaller, and they tend to be committed you getting with each other more quickly. also, they have been put on notice. -- if it can be done to the united states, you can be sure it can be done to other countries, so i am sure there will be reverse acted measures being taken by countries now, to focus on the integrity of their systems. political figures have been forewarned that accounts have been asked, and those who have not been should be pretty certain that there is a high likelihood that is the case. i think we will be seeing a lot of european countries working quite closely together. there has been a whole host of centers set up in europe on cyber, picking up on some of the issues that have been raised here now, to swap information,

key countries within the eu itself. example i would point to is the 2014 hack of the ukrainian elections. we don't have to be forward thinking to look into an election hacking in europe. it would not influence operations the same way. the ukrainians have a centralized system. three days before the election, the systems are wiped. on election day itself, a few minutes before the ukrainians would learn the results, they found that they would push out false results, and the results would show a fringe candidate winning. they then would have to retract and push out the real results. the only entity that push the fake results was pro-russian tv, who somehow knew what was going to happen or it happened, which suggested compliments.

that is the sort of stuff that would worry me in the european election, not just influence operations, but actually translating to know-kidding cyber attacks. huang.ame is paul i am a student at tufts. why is there far less interest onthe public discourse , whereas theng chinese has been doing that for as long as we can remember, and at the severity and , that, inhe attacks at

my opinion, was an act of war, whereas the taking of the dnc, as much as we want to think about it, is not on the same scale as the opm attack. when it happened, i was working as an editor in a taiwanese newspaper, and i remember covering the event and how there seemed to be very little .nterest in their story the story at the time was not about the attack, it was about something else, so i'm just curious. ben, and then david, active war? mr. buchanan: no, not an active war, and they have been quite clear that if they do it to the chinese, they would. mr. sanger: great moment when general clapper was up testifying in congress on the opm attack, which did get a lot

of coverage. mr. trump was doing other things at the time, but it was a pretty well covered event. you had all these members of congress who were saying, about the chinese attack on opm, and they kept correcting them and saying, no, it was not an attack, it was chinese-led -- actually, they would not even say china. they would say the incursion on opm, the espionage. the reason was, if you categorized it as an attack, it would have to say that this is abnormal behavior that we would not do, and obviously it is the kind of thing that not only do we do, but it we go into the snow to documents and look at -- in the snowden documents and look at what the united states has done to china, we have done them on parallel things. we have not done them on this scale. the question raised by the opm -- did thethe scale

scale change the nature of it? of the issues we will all have to address in line with the discussions is how we regulate cyber regulations along fence. the united states is doing a lot of this as well, and other too.ries clearly are, not just china, north korea, russia. every country is involved if they have that capability too. we are in a whole new set of ,erritory now, extraterritorial in a way. it is kind of one of those difficult things, how do we deal now with cyber espionage? do we engage in treaties, and negotiations? emailsttack on people's

like a tactical nuclear weapon? is something larger, like a denial of service, is this the right way of thinking about this? these are the debates that people like ben and others are starting to push towards. instead of thinking about, do we think of cyber in the same way we used to talk about nuclear deterrence and arms control? asking about these different kinds of questions, this is only the beginning. i think for this new administration, it will have to be one of those questions. is this going to be on the table with the chinese? there is agency to keep thinking about cyber developments as new. -- mr. sulmeyer: there is a tendency to keep thinking about cyber developments as new. at one of the developments is that nuclear is not a great analogy. but when it comes to interstate elections, we are happy to have

here, and ie nye will try to repeat the question because i know he is not miced, but if you think about the work you have spent so much time , tryingon in this field to bring stability in international relations and cyberspace, any reaction to what fiona was saying? i will repeated on the microphone. mr. nye: we are making some progress with developing norms. one of the reasons jim clapper did not call the opm intrusion in the attack is they were busy working out an arrangement with norm againstlop a cyber espionage for commercial purposes. they wanted to maintain that distinction so they did not disrupt that.

you might say that is minor, but it is an indication of how a norm can develop. i have an article appearing this week in the issue of international security. it is arguing why this is different from nuclear, and why there are at least [inaudible] retaliation. but i will not bore you with that. the point is, there is a .eginning of norm development a long, long way to go. mr. sulmeyer: watch me screw this up, but basically, the idea is that for norms development, there has been good progress, but there is a long way to go.

on our website, you can see some of joe's earlier work on this. he also said one of the reasons director klapper did not say it was an attack, that the opm compromise was an attack, because the united states was in the middle of discussions of negotiations with the chinese for norms development, and i can be a lesson for how norms develop. and the shutout, joe has an hasming article in the -- an article in the upcoming issue hasinternational an article in the upcoming issue of "international security" on dissuasion and deterrence in cyberspace. check it out. side.l come over to the please introduce yourself. >> i am a first-year master student at the fletcher school of law and diplomacy. my question goes to all of you. what do you think is a proportionate response to the russian hacking of the u.s. election?

i had a conversation with my friend that is not only an intervention on the u.s. the dnc itself, but attacks the very institution that is supposed to protect the democracy. it is an attack on your values. what would be the adequate response? mr. sulmeyer: let me govern this a little bit. fiona, give us a 30 to 45 second, proportional response to the hacking, and then we have david and ben. of hill: this issue proportional response, you have to tread carefully. this will probably be guided by .im's article -- joe's article we have to be careful, because when you mentioned the issue of values, we want to be there to try to take down similar institutions of the other

countries. the russian government already believes that we have been doing that. i would argue that we have not engaged in that same kind of counter retaliation or preemptive action that we did during the cold war. we have seen in the wake of this -- of course, the obama administration, was one of the last actions they took before handing the baton to the trump in fact,ation -- did, announce a whole new set of sanctions against individuals and entities in russia, but it was not just in response to the hacking. to thealso in response harassment of u.s. diplomats that has been going on for a long time in russia. i think it is extremely difficult to cross these, because it depends on what you actually want to achieve with those actions in response, which is why i think we do have to have a very measured look at this, and to look at all the

different ways of approaching this, and part of it means having a structured dialogue with the russians and with others, as we clearly will with the chinese, on what they want to get out of all this. what is the point of them continuing these attacks? mr. sulmeyer: david? mr. sanger: bobby, when he was the threecretary, words least asked in washington are "and then what?" whats thatand then kept getting in the way of the obama administration's response. your response was slow, and then you made up for it by being incredibly weak. their answer is, let's think about what some of our other options are. had we called out the russians and done sanctions right in october, it would have invited them to come in and mess around with an election infrastructure on election day that we already

figured out they knew how to get inside of these pieces of it. they did not want to up the escalation ladder. are all kinds of things they could do, from sanctions to counter strikes and so forth, and i think it is the problem between feeling really good the , gosh, iing, saying really doubt those guys, and then feeling really crummy the week later. it is the hangover effect. mr. sulmeyer: we do feel crummy. mr. buchanan: let's pretend there are no consequences. u.s. has the final shot, what would they do? the principal let play is that you want to find something that is asymmetrical to the other side. what are russian asymmetric weaknesses? maybe the corruption that surrounds their leadership. with the u.s. want to dump information on vladimir putin and his cronies?

.utin things we already do maybe the u.s. intelligence one starter in the reputation. with the u.s. want to mess with the russian cyber surveillance system? there are options available, but we can up the ladder quickly of quickly ofe ladder escalation will not be taken lying down, but the options are there. mr. sanger: i would note that the legal question about proportionality has been litigated. you can look at it -- mr. sulmeyer: i would note that the legal question about proportionality has been litigated. the question is, why would you want to respond to an act in a certain way of it the context of the overall bilateral relationship? when we have a problem with a country, it is not just a cyber problem. we have a lot of other issues on the table. it will be have to done in the context of the overall

relationship. lightning round, down to nine minutes. please introduce yourself. >> good evening. i would like to thank you for having this conference. mr. sulmeyer: our pleasure. >> i am an aspiring student at the university, also an aspiring government legislation analyst, an aspiring husband. mr. sulmeyer: we aspire to get your question. >> i'm sorry, i'm very nervous. most of us in this room know the first step of an attack is reconnaissance, right? we agreed? is security stupid, to quote a famous rock star? to giveeing taught information without asking for any kind of details. for example, who has access to the information? what is the information being collected, and how can we delete it?

what should we do regarding privacy? this is one ensures our liberty. mr. sulmeyer: what should we do regarding privacy. 15 seconds? ben, help us out, looking back at some of the work done last year on encryption. give us some privacy, and we will do a couple others and keep going. mr. nye: i think the privacy -- dr. hill: i think the privacy -- mr. buchanan: i think the privacy question goes back to what we do. there is no world in which john podesta's email account will be regulated any faster by the u.s. government. talk about government regulation and the balance of privacy is important, but fundamentally the account that may have changed this election was a personal gmail account. if donald trump had stepped in and said, i've got you john, john podesta would have said, no

thank you, i don't want the government securing my mail. until that individual knowledge of security is there, it is probably not going away. mr. sulmeyer: the accounts did not have dual factor authentication enabled, which is a free option on gmail. next question, please introduce yourself. .> my name is rebecca i have a background in information technology, so in my mind, i believe that what is now with the creation of cloud infrastructure being controlled by just a few entities, there is a kind of power being created that has never existed. i think we need to be mindful of it, especially in terms of the democratic process. cloud computing is making it possible to crunch data faster than has ever been possible, and in my mind it is interesting,

corporationstop are throwing their data in there without a lot of thought. i have been observing what is going on and feeling alarmed, as some of the u.s. and i.t. background, and i have brothers in i.t. as well. we are concerned. mr. sulmeyer: what was your question, though? >> with the cloud, the ability -- how do you feel about the new technologies , andare being created should there be more data governments around -- behind all this attacking is the cloud, really. it is the ability to send massive amounts to these huge databases, and thinking about the security of that information. mr. sulmeyer: cloud reaction?

mr. sanger: the downside is it centralizes stuff much more. they upside is, if the cloud provider is paying attention to security, it does not leave open as many of the holes when each of us has a different amount of security on our own systems. while john podesta would not , het the u.s. government probably now wishes that he had trusted google a little more, by using the services that were provided for free. the combination of cloud computing and big data capability poses a new set of risks to us. when you think about the opm hack, 10 years ago, getting the records of 22 million americans probably would not have and all that useful to the chinese, because somebody would have had to go through the records, or an army of people would have had to go through them. with the big data capability,

they can sort through very quickly, so that when somebody shows up at the year in beijing -- at the airport in beijing, and a fingerprint them on the way in, and they have done an immediate comparison to what is in the opm database, they may , possibly by absence of evidence, they would say, jeez, this did not show up, i wonder going intorson is the embassy when his fingerprints don't exist in our database. i would note that typical washington, when you steal 22 million records, everybody exaggerates their job titles. it turns out there are 4 million special assistance to the president. fiona, any other quick additions? my personal view,

after everything that has taken place from wikileaks onwards, is that nobody should have any expectation of privacy anymore. it's as simple as that. for anyone in any kind of public position, and part of this is the definition of public. any of you sitting here who have a blog or professor or teacher -- it is basically -- podesta, obviously has no expectation of a private email. i got rid of my private email's because of being hacked so many times. i would much rather talk to human person. to walk inone wants the park with me, come on. [laughter] mr. sulmeyer: ben, do you still have private email? mr. buchanan: i do. two-factor authentication is the most important thing you can do. mr. sulmeyer: last question.

>> my name is aba, -- ana. yesterday, a professor talked about the seven warning signs of war. one of them was a rapid shift in military technology that makes war cheaper and feasible. work isseen that cyber probably one of these things. much do you see the likelihood increasing with the shift in technology? dr. hill: i think we have been close to war for quite some time. people under vladimir putin think that as well. when you go back to payton's speech in 2007, it was a declaration of war that we did not have the imagination to realize. it was done in a conventional sense in terms of the intervention in georgia in 2008, -- i amthe russians very glad none of us have

mentioned this until i have mentioned it. in terms of russian strategic thinking and thinking from a military perspective, this is all part of a very large toolkit going from nuclear all the way efforts.cal there is a very good piece explaining this that just came out in the last month or so. for many analysts and commentators in russia, they have also talked about syria as being one of the noble points of that war now, because it is seeing the shaking up of a regional order. they have talked about ukraine as a proxy war with the united states. although it we have not declared it or talked about it in these terms, what we have seen is a full frontal attack on our election as part of this, but it is going on on a much larger

scale. i think we need to get used to the fact that this is where we are mr. sanger:. -- this is where we are. mr. sanger: that spectrum is now making its way into the u.s. .octrine as well when you look at what the cyber special mission forces are supposed to be doing, these 100 groups that are sent out and distributed among the more traditional military units, it is to use cyber in the opening hours, or at some point, have been a conflict together with other events. if you are looking for a good description about this, what has been written about a u.s. aogram called nitro zeus, program written if we were to get in conflict with iran. cane is a documentary you find around that describes the u.s.-iran cyber competition at some length.

that is what that is all about. in many ways, although there are significant differences in it, the way the russians have thought about this for a while as god parallels, not exact, with the way -- has got parallels, not exact, with the way the u.s. military has not about it. mr. buchanan: on data, we have examples of no kidding cyber attacks. this past december, we saw a blackout. my suspicion is these art development capabilities rather than full use of capabilities. for as much as our talk about operations, we should not forget that cyber weapons are now true tools of war and conflict.

buyer theory, what leads to conflict? security is a subject near and dear to my heart, and there is a branch of theory that suggests that conflict is like -- if these things are true. one perception, the offense has the advantage. everyone will say offense has the advantage of cyber. second, it is hard to tell offense from defense. i think what we have touched on with david talking about implants used for attribution, it is difficult to distinguish offense of attribution to a defense of one. -- defensive one -- and often -- e nations will miss perceive one another when they engage in digital demand. mr. sulmeyer: before we go, i need you to join me in thanking kate, who set this whole thing up. thank you, kate. [applause]

mr. sulmeyer: thank you to the panel. please join me in thanking them. [applause] to youmeyer: and thanks for tuning in and being here in person on a very sunny, warm cambridge evening. please come back and see us soon. thanks again. [captions copyright national cable satellite corp. 2016] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] announcer: which presidents were america's greatest leaders? c-span asked presidential historians to rate presidents in leadership. the top went to the president who preserved the union, abraham lincoln. gettersher top vote continue to hold their

positions, george washington, franklin roosevelt, and theodore roosevelt. eisenhower, who served in the oval office from 1953 to 1961 comics his first appearance at c-span top-five. the historian's top 10 choices, harry truman, thomas jefferson, john f. kennedy, and ronald reagan. one spothnson jumps up this year to return to the top 10. ranked deadan is last in all three surveys. there is bad news rancher jackson, as well. our seventh president found his overall rating dropping this year from number 13 to number 18. the survey had good news for outgoing president barack obama. on his first time on the list, historians placed him at number 12 overall. george w. bush moves three spots up on the scale to 33 overall, with big gains in public persuasion and relations with congress.

how did our historians rate your favorite president? leaders and losers in each category? you can find this and more on our website, c-span.org. announcer: join us tomorrow on "washington journal" as c-span'ss talk about 2017 presidential historian survey. that segment is live beginning at 8:00 a.m. eastern on c-span. president trump spoke at a campaign style rally in melbourne florida. this is just under an hour. >> ♪