Skip to main content

tv   Discussion on Ways to Fight Disinformation  CSPAN  November 16, 2021 8:35am-9:38am EST

8:35 am
video app. >> get c-span on the go. watch today's biggest political events live or on-demand anytime anywhere on our new mobile video app c-span now. access top highlights, listen to c-span radio and discover new podcasts all for free. get c-span now today. >> now a discussion on ways the united states and its allies and better combat disinformation and cyber attacks. the american enterprise institute hosts this event. >> good afternoon. welcome to the american enterprise institute live web event on combating disinformation. my name is john ferrari, i'm a nonresident senior fellow here at aei why work on acquisition and innovation topics following a long career.
8:36 am
it's my pleasure to be joined today a by dr. paul stockton former assistant secretary of defense for homeland defense and americad security affairs, anda senior fellow of the johns hopkins universities of applied physics laboratory. we are also privileged to be joined by my colleague aei senior fellow elisabeth braw. doctor stockton serves as and assistant secretary for president obama put him on his path, current path of support for industry and government to meet emerging challenges and infrastructure resilience, cybersecurity and strategic planning.
8:37 am
>> now that he's left office he provides strategy advice to major electric utilities, trade associations, and the electrical subsector coordinating council to help them strengthen preparedness against cyber threats. he cha he chairs the great resilience for national security subcommittee of the department of energy is o o electricity and advisory council and serves on the national association of regulatory utility commissioners task force on emergency preparedness. emerging national security challenges, specifically focusing on hybrid and gray zone threats. she published a new book "the defender's dilemma: identifying gray zone aggression." she is a columnist with foreign
8:38 am
policy, she writes on national security and the globalized economy, and a member of the national preparedness commission of the u.k. before joining a.e.i., she was a senior research fellow at the royal united services institute for defense and security studies in london, where she founded its modern deterrence project. she has also been an associate fellow at the european leadership network, a senior fellow at the atlantic council, and at a global risk consultancy. she started her career as a journalist and has published with the economist, foreign affairs, the times of london, and the wall street journal. she is also the author of "god's spies: the cold war espionage campaign in the church." in may of 2021, the congressional research service published a short report on deep fakes, reporting that such forgeries could present a variety of national security challenges in the years
8:39 am
to come. while a crs report emphasized the political risks, including eroding public trust and the blackmailing of public officials, deepfakes also forewarned much more urgent, broad, and dangerous challenges for the future security of the united states. in military parlance, deepfakes are in form of deception, and deception is as old as recorded history. today, deception writ large, is the achilles' heel that poses potential existential threats to the united states and our interests. flailing responses to the cyber attacks that forced the shutdown of the colonial pipeline underscores the importance of deterrence today. in contrast to the inconvenience of the colonial pipeline debacle, if ai systems for the united states military are undermined in the future, the threat could be existential,
8:40 am
rendering our nation and allies open to catastrophic attacks. retrofitting fixes will not be an option at the time of attack, particularly if we are engaged in war or are on the verge of conflict. three concepts are useful for grasping the scale, scope, and character of what deception means in the context of military systems. first, americans must confront that information always has been and always will be weaponized by our adversaries. second, the exponential growth of active and passive deception across all types of data and information that feed our national security systems is mirrored by the rise of disinformation more broadly, targeted at open and free societies. third, creative solutions will be required. fortunately for us, both paul and elisabeth have thought about how the united states should be organized to confront this crisis. paul has written a book on defeating information
8:41 am
operations in future crisis and elisabeth has written an outstanding book entitled "the defender's dilemma." before we begin, i want to share some logistical guidance. audience members can submit their questions at any time this afternoon for our panelists to address during the question and answer portion of our program. you can send them to an email account or use a hashtag on twitter. the hashtag is #ioataei. -- #ioataei the email is listed on the events page, on the aei website as well. the email is listed on the events page, on the a.e.i. website as well. without further delay, i would like to invite dr. stockton to share his opening remarks. dr. stockton: it is an honor to participate in this event. aei has been a source of cutting
8:42 am
edge analysis of the threats posed by disinformation and, elisabeth, you and john have both proposed studies. i would like to start with a different cut at the problem. we are familiar with the ongoing chinese and russian campaigns to corrode public faith in democratic governance. there has been less attention to the risk that a severe regional crisis, adversaries will conduct information operations to coerce our behavior. and above all threaten the u.s. public and senior decisionmakers that unless the united states backs down on the crisis and bails out on our allies, then we'll face catastrophic cyberattacks against the power grid, water systems, and other critical infrastructure on which public health and safety depend. chinese military doctrine and
8:43 am
capabilities focus on achieving just these coercive effects. last week, john, you know, the pentagon released its annual review of chinese military developments. let me quote from that report. the people's liberation army seeks to employ digital influence operations, that is overt and covert influence activities conducted through the internet and social media platforms during peacetime and war. elisabeth, this goes to your important analysis of understanding the dark gray zone, but also hybrid warfare, how from peace time to war, across with the joint staff called the conflict continuum, we can expect information operations to go forward. giving a conflict we should expect china to conduct "psychological warfare" to effect u.s. decision-making
8:44 am
using propaganda, deception, threats, and coercion to effect the adversary. the adversary, of course, us. russia has an equivalent doctrine and capabilities to coerce u.s. behavior. today ukraine is facing coercive threats from russia. the deployment of additional russian forces along the border, designed to shape u.s. behavior, vis-à-vis ukraine. and nuclear-capable russian bombers are flying over belarus airspace near the polish border.
8:45 am
ongoing information operations are important, but at any moment -- in the taiwan straits, eastern europe -- we could fall into an edge of war crisis. let's get ready for operations designed to divide the west and discourage us from coming to the aid of those that we need to. the recommendations that elisabeth and john have offered offer a terrific foundation for defeating coercive operations, but much more remains to be done. i look forward to discussing those defensive options, and elisabeth, your ideas on deterrence, in the minutes to come. thank you, john. mr. ferrari: thank you, paul. i would like to now invite elisabeth to say her opening remarks. ms. braw: thank you. if i can add to what paul said, because he didn't mention it himself, he has written a fantastic study. i think it is the most important study that has been written about electric grid security, primarily electricity, but it may seem like an irrelevant question until we don't have electricity. so, what i would like to talk
8:46 am
about is what daily lives looks like for citizens in western democracies. liberal democracies. if we look at the situation in poland last year and lithuania as we speak, there is what is called the migrant crisis, but i would also call it primarily an assault on these countries, these citizens trust in their country's ability to run their countries, because the migrants are simply just a tool that belarus, specifically lukashenko, has chosen to use to weaken these countries. what he is doing is suggesting the citizens of these countries, and by extension other eu states, that their governments are not capable of fulfilling the requirements of a government, including keeping the borders safe. what does that mean? i remember -- i don't know if
8:47 am
anybody else on this call remembers -- on this event remembers the 2014 incident off the coast of stockholm. there was a suspected submarine intrusion and the swedish navy was sent to chase them out. as most of us are not experts in submarine hunts, it is an area where you can easily cede this -- cede disinformation which is exactly what russian media outlets and officials did, by suggesting it was not a submarine at all or that it was a nato submarine, or the swedish navy had confused a sea animal with the intrusion of a submarine. all of this because we are not submarine experts because we are ordinary citizens was more successful than you might think it would be because it suggested, oh, the swedish navy is not up to the task. what does that mean?
8:48 am
were a situation erupted, swedish citizens would not have faith in the armed forces. that is really quite something. it was the mere rumor-spreading campaign. disinformation campaign. the reason it is so successful, i think, even on what you might call a smaller scale, like the submarine hunt, or indeed the so-called migrant crisis on belarus' borders with lithuania and poland, is that today citizens feel empowered to have opinions about sundry issues that they do not have expertise in. if we think 30 -- certainly 40, 50, 70, 80 years ago, citizens -- yes, they may have had an opinion about what they heard, but they didn't expect their opinion to count because they weren't experts. today, we consume -- we as ordinary citizens consume information that may or may not be correct, because we do not
8:49 am
know how to identify disinformation. do not know how to verify the information that comes our way. based on this information, we make up our minds and then be able to broadcast our opinions to the outside world, whether that be our immediate family or especially our contacts on social media. that poses a really fundamental dilemma, i think, to western governments, which is, how do you run a country, especially in a crisis, when your own citizens may develop opinions based on incorrect information, whether it is their intention or not, but anyway they develop opinions based on incorrect information can be fed by hostile states or can be fed by their friends who may not know better. at any rate, they develop these opinions and they may then form
8:50 am
strong public opinion against whatever it is your government is trying to do. that is a challenge in peacetime, but even more of a challenge when conflicts or armed conflicts erupt. i don't have an answer to it, but i do have a potential solution, our education shouldn't stop when we leave high school, when we leave university because technology is advancing so fast, just as we have to keep our driving skills up to date, we should keep our information skills up to date. for example, i think there is potential for public libraries to have information courses -- information literacy courses. if you attend them and complete them, then you get an information literacy certificate that you can put on your resume and that signals to employers that this potential employee is skilled or is certified to
8:51 am
identify what information, what's real information. that skill should not be underestimated in the workplace. we should remember that companies, too, organizations of all kinds are affected by disinformation. it is important not to lose faith, considering the challenges to democracies. these challenges are so immense, but if we draw on the potential of our population to be part of the solution, if they are given the opportunity, i think many will rise to the occasion. who wants to be ignorant when you can be a well-informed citizen? over to you, john. mr. ferrari: thank you, paul and elisabeth. let's start with some questions. elisabeth, let's start with you. the focus of this panel is on how the united states should be confronting information operations as a subset of gray zone aggressions from foreign adversaries. most prominently including russia and china.
8:52 am
in your book, the defenders dilemma, you explain which state actors started undertaking gray zone actions in recent years. why is this the case? and how did covid-19 impact gray zone activity? ms. braw: it's the case because it's an attractive choice. we here in the west, where our vulnerability is in the hot seat, so we communicate to other countries that they should essentially -- they should exploit our weaknesses. that is inevitable, because we are free and open societies and we are not going to tell our citizens what to say. nevertheless, as a result of the current complete lack of involvement by the population in national security, i think most people don't even realize what they say or do and how they react could have an influence on
8:53 am
the country's well-being. people will happily share information because it is fun or entertaining, or juicy. whatever the reason may be. the reason they exploit this opportunity is because it's too good to pass up, right? we don't have the same opportunity with them, because their governments can tell citizens to a much larger extent what to say, what to communicate on social media, and in the case of china, people don't even have access to some of our favorite social media companies that are based in the west. so it's completely opposite. i think of gray zone aggression as a soup. you can put in whatever ingredients you happen to have available. disinformation seems like a suitable inagreed yent to add to your soup. you add it but doesn't always have to add it. it depends on what you happen to have available.
8:54 am
unfortunately, today, in most countries, it's an ingredient that seems -- it is almost like a staple when other countries try to harm us simply because our citizens have so little understanding of national security and their role in it. their negative role in spreading disinformation that can harm the country, but also a profiting role in making sure that the information environment is kept clean. i should say, in the u.s., this is on both sides of the political spectrum. this notion of alternative facts exists among some people, but among other people on the other side of the political spectrum people talk about my truth, or your truth. how was that? there is one truth. there is even a common basis on which to debate or have a dialogue about opinions, then we are lost. i fear that if it continues the
8:55 am
country will become ungovernable, which is in nobody's interest. i think if people knew the effects that they had on the country's security -- in this case, the u.s. security -- they would want to be part of the solution. and if i can just add, it is currently russia and china, because we are such a wide-open field, if another country decided it wished to weaken the u.s., it could avail itself of this as well, because it is not particularly sophisticated. you don't need particularly sophisticated skills. one of the most powerful rumors spread originated during the cold war was at east germany's rumor that aids originated. it remains in circulation to this day. mr. ferrari: thank you. paul, your research focuses on
8:56 am
information operation campaigns as a subset of broader gray zone challenges, which you call a dark gray zone. you also distinguish between i/o campaigns that aim to weaken u.s. institutions and governance and those that might shape u.s. crisis decision-making. what do you mean by the dark gray zone, and why is it important to distinguish between different types of operation -- information operations? are you on mute? dr. stockton: thank you. let me rewind. i'm going to define the gray zone the same way elisabeth does in her terrific book. defined by the special forces community, gray zone aggression comprises competitive interactions among and within state and nonstate actors that falls between the traditional
8:57 am
realm of war and peace. that's the gray zone in which we find ourselves today. but i'm urging we get prepared for the dark gray zone, that is when little green men start pouring across the border from russia into lithuania or latvia, when finally things heat up in the taiwan straits, when there is an elevated risk of warfare between the united states, russia, and china, we know from social science research that in stressful events -- boston marathon bombing, horrific hurricane events -- americans turn to social media as their primary source of information. well, the bad guys are going to exploit that to the hilt and exploit the tendency of americans to want to stay on social media platforms that are conveying fear mongering divisive content.
8:58 am
that is bread-and-butter for them. we need to get ready for a situation in which the american public is looking at social media, china and russia are using that to try to shape u.s. behavior, not only by influencing public perceptions, but by reaching out to everyone in the situation room, in the white house, with personalized messaging in order to shape their views, and above all to threaten the united states with punishment unless we abandon our allies. we have to get ready for them also to move from the dark gray zone into an initial period of conflict, where they will begin to make good on their threats of disrupting u.s. and -- allied infrastructure, begin conducting demonstrative attacks against u.s. critical infrastructure with social media, portraying vividly -- and maybe with deepfakes -- and
8:59 am
warning that more suffering will come, unless the united states caves in to the adversary's demands. mr. ferrari: elisabeth, a question to you, then paul, you can follow in what elisabeth has to answer. what are the examples of the most aggressive i/o operations conducted by either russia or china and their impacts? how seriously is the united states' senior security infrastructure taking the threats of i/o's? ms. braw: i don't know that it is possible to grade. certainly, i think opinions would vary about the most successful campaign. let me give an example of a recent disinformation campaign that i think was extremely cunning because it exploited people's lack of knowledge about
9:00 am
the issue at hand and that was when covid vaccines were first being developed. that seems like a long time ago, but it was last year. we all knew nothing about covid vaccines, just like we all knew nothing about covid until february, 2020. even then people were worried that this vaccine might somehow be harmful, and don't you think that russian media started publishing stories that were then widely picked up by western media? not copied, but they were mentioned. >> and they were mentioned and this information was spread. and given this, it had to gain enormous traction, even with negative coverage and with traction and should have been no traction. and this russian disinformation
9:01 am
and the same with china portrayed the vaccines developed in the west as extremely harmful. not in terms of autism or in that vein, but that it would alter your appearance or things like that. well, if you read information like that then you're concerned with covid and concerned about the new vaccine that may come your way. if you read that it's going to alter your appearance, then you'll think twice quite obviously about using it and it may only gain small traction in the west. but as we've seen, i don't think that we need to debate the mask mandates and covid vaccines more widely on this panel, but nevertheless, it's a hugely loaded issue and you can only convince a small part of the population to act in the way that is detrimental to the country and then you're done in the country and i was interested in your views on how
9:02 am
-- how disinformation, misinformation, but covid vaccines are affecting it. my understanding is that they've spent a lot of time trying to convince the vaccine and that seems it's time not spent on military talks at hand. but like i say, i don't want to belabor the issue of vaccines, but it's one of the issues where, including submarine times, by the way, where everybody can develop an opinion, and even as they know nothing about the details of the subject area. >> and john, i'd like to tackle the second part of your question, and that is how seriously the u.s. government is tackling the areas of disinformation. i think that the government is doing a great job ramping up the protection of the electoral system against foreign
9:03 am
influence, the last series of elections and showed significant progress. and i think more and more, we're getting better positioned in the state department and dhs, to counter the ongoing campaign to corrode faith in democratic. but in the realm of coercive operations in future crises, i see less progress and it's interesting because on the one hand, the u.s. military and let me just mention the day after veterans day. it's the distinguished military service and thank you, and the u.s. military as you know, it's getting ready for transitioning of u.s. doctrine away from the physical destruction of the enemy's order of battle toward shaping the adversaries of behavior and perception, trying to win in the cognitive realm as opposed to annihilation of forces. so the u.s. military is
9:04 am
transitioning toward this new information realm, but i don't see the u.s. defensive capability getting ready for the risk that adversaries will do unto us as we're preparing to do unto them. and that's crazy, right? given chinese and russian doctrine that i alluded to earlier, and makes no sense for ongoing corrosive campaign and the high-tech that elizabeth wrote about so eloquently, might be adapted to the very different circumstances of the u.s. behavior. >> thank you, and elizabeth. if you don't mind, i'll pick up the point how it's affecting u.s. military. if we were to say a couple of yers-- years ago or even today that china or russia could eliminate and causing the training and widespread readiness levels to go down and that's essentially
9:05 am
what's happening with the vaccines and covid. so it's in addition to spending time on it, the cost of separating people and the readiness levels lost and the skills lost, will impact for years to come. >> elizabeth, paul, you first and then elisabeth, the u.s. congress have algorithms and how they amplify different ledges. given the impact of gray zone aggression and impact on the private sector, to what degree should the u.s. government be offering support or punishment to industry partners to defeat coercive information campaigns and other forms of gray zone warfare? paul, you first. >> we absolutely need to strengthen partnerships between the u.s. government and
9:06 am
facebook and other social media platform owners and operators because in a crisis, we know what's coming. we need those social media partners to block coercive messaging against the united states and john, i believe that a template exists to borrow from and that's the ability of the platform to filter and block child pornography and sexual exploitation of children. there are some models out there, how to clearly define what needs to be blocked, and then develop to do so. we need to make progress with facebook, but we also need to understand that many of these platforms have business plans that depend on conveying divisive, frightening content, because that keeps americans on their platforms longer, so a click and purchase more stuff. right? so there's a fundamental
9:07 am
underlying conflict here that we need to resolve because their participation in defending the united states from coercion is going to be absolutely vital. >> yeah, thank you. and elizabeth, the united states had a pandemic plan before the pandemic and then that didn't turn out too well, and so, we have templates of plans. what do you suggest, given the nature of the u.s. government due to make sure that it's something more than just a plan going forward? >> yeah, that is a-- how do you, in this, how do you make sure it's not just a plan. i think it starts with working with the companies and today's social media companies and tomorrow, there may be additional companies because we should remember that the social media is changing quickly. and so it occurs to me that this is an area where the u.s.,
9:08 am
like every western company has changed since the cold war. during the cold war, i think it would have been possible for the government to go to the ceo's of leading companies as they please do that or please do that. and we can't force them to do it, but you should do it because you're good citizens and captains of industry took great pride in the role that their companies played in america and respectively in other countries. but now, we have an environment for a generation of ceo's who don't feel that responsibility, as it may be because of the reporting requirements have changed or company performance to share reporting requirements have changed so every ceo is the slave of quarterly reports or whatever the reason is. i don't think that ceo's today feel the same responsibility
9:09 am
for doing the right thing for the country. and as we know, mark zuckerberg has said many times that it's the company over country. so short of legislating and, i don't know, even the best plan would be possible without a legislative requirement for companies to participate. nevertheless, even if we don't have legislation, i think a plan should evolve regular consultation with leaders of crucial companies, including, well, especially in the social media sector when it comes to disinformation and, main it's a naive hope, but i think if they were made to realize, not through aggressive questioning through congress, but a regular dialog through the u.s. government, the role they can play, and potentially positive
9:10 am
role they could play in helping keep the country safe. i hope that they would at least take some of that into account, but i must say, i'm not too optimistic and i would be curious to hear paul's view on that. >> i am optimistic because it's so important that we make progress. it's absolutely essential. the federal government can never block objectionable messaging. there have been repeated supreme court rulings to that effect and the last thing we want to do is throw out the constitution and our respect for the first amendment in an effort to see coercive messaging. we need social media companies, and narrowly define what constitutes coercive messaging
9:11 am
and from the united states citizens understand what that is and algorithms and support being technologies needed to defeat them. lets narrowly focus on that and an initiative so on a day-to-day basis these wouldn't be used, but when there's in intense crisis over ukraine or whatever the crisis is going to be, then we'd have something to fall back on. we'd have some principles, we had we'd have some inspirational and exercise the capabilities because they're not real unless you exercise them first. >> well, one of the points made by the proponents of information operations in russia, and in china is that there is no time period between war and peace. we live in this, you know, constant gray zone and both of you have made this point. so first off, right, how would you exercise in case of emergency' we're really in this constant fight and a lot of
9:12 am
these to get to the elizabeth's point of the large tech companies, i think a lot of them view the role as global in nature. if you look at facebook and microsoft and amazon and all of these, and twitter, right, and instagram, that they're global firms and they're reacting to input and stimulus of disinformation for around the world. how do we avoid this gray zone warfare, not just in the united states because it's one thing for the united states to have a plan, which may or may not work, but also, different countries have different rules so how do we look at this more globally? paul, why don't you go first and then we'll go to elizabeth. >> it's a great question, john and i think looking at the ongoing efforts of russia to weaken nato and to divide nato partners so that when a crisis comes, we'll be less likely to be able to operate under are
9:13 am
the article 5, there will be a weak link in the nato alliance and disrupt that decision making, and just as i did so in slowing the western response to russia's invasion of ukraine and seizure of crima. i'd like to take it a step further. right now we're creating two silos of excellence, right? over here we have preparedness information operations and over here, improvements to the cyber resilience of the electric power grid and other infrastructure. the bad guys are going to combine a task. they're going to use information operation together with cyber attacks in order to coerce our behavior, and john, we need integrated defensive strategy that brings together traditional notions of cyber resilience, together with
9:14 am
defeat against information operations. and we need to do it with our partners. >> any comments? >> maybe just a useful-- and in the baltic states after they had been there for a while, it became obvious that they were being targeted by disinformation and it was particularly directed particularly against the germans where russian media and anonymous accounts spread falsehoods about these soldiers engaging in neo-nazi activities and really-- and we know that germany has the accusations and the information. and the disinformation
9:15 am
presented as information was completely an effort. so what it did do what i think made completely obvious. and who is there in defeating and you're an expert here, and one might think one is a lowly soldier and doesn't count. in this distance, everybody counts and commanders with the different include clear to our soldier they need to be careful when they're up and about in these countries and, for example, there was a story that was circling, and italian troops and that, too, was incorrect. if you happened to be an italian soldier, you can say have a nice evening and go out
9:16 am
and buy some alcohol, you're not safe from that turning into disinformation. the lesson learned and i think all of these countries contributing, have learned a lesson and implemented and everybody has a role to play. >> thank you. let's turn and pivot a little from information operation to cyber attacks and maybe the accommodation of attacking the internet of things or ransomware in general. what are your thoughts in the work and looking at the colonial pipeline on how the internet of things has come together and how do we harden ourselves and make ourselves more resilient going forward? >> well, colonial pipeline was an important wake-up call and i think that ransomware is going to intensify the threat to infrastructure, owners and operator because so much terrific ransomware, malware is available on the dark web and essentially off the shelf.
9:17 am
but i think that, as we simultaneously strengthen our resilience against those day-to-day kinds of attacks, we also need to think about much more serious threats to come and john, again, because of your military expertise, i want to focus on one particular issue and that is, when the balloon goes up in the taiwan straits or the bault baltics and we need to send officers from fort hood and to the port and where they're going to be perceived and provided for forward movement. every bit of that infrastructure might come under attack, cyber attack by our adversaries and we're trying to generate and deploy those forces to come to the aid of our allies, paired with information operations, designed to tell the american people, you can't win, you're
9:18 am
going to lose, you're going to be punished. look at the disruption that's happening to u.s. transportation operations, you're doomed to fail, sue for peace now. and let's have a reasonable settlement to this conflict over the baltics. we need to understand how cyber attacks fit into u.s. military plans to prevail in regional conflicts and how adversaries will use information operations in order to encourage the united states to bail on its allies. >> thanks, great points. and elizabeth, what about resilience and deterrents in general for the harder side of cyber attack first and then on the softer side of io? >> yeah, so, here again is where the population or the public can play such a crucial role and go from being a burden to being an asset, and at the moment, the public is a burden
9:19 am
because the governments i think are too afraid to articulate to the public that something could-- something harmful, something dangerous can come their way and as a result, see traces of colonial where people panic because they weren't prepared for a situation like that and they panic, and made the situation much worse by panicking. and i still think that in a sense, this is an opportunity for us to do things differently about members of our society where usually, maybe overlooked. so just taken for granted. so, colonial in particular highlighted that aspect and highlighted himself when he gave evidence to the senate and i remember specifically, it was anything that, well, could you have switched to manual. that's what they asked him and the ceo said, well, we were lucky, we had some disabilities and available to do something
9:20 am
along those lines, but that the more important point you raise was that neither colonial nor other companies today have the expertise to go fully manual in case of a cyber attack of various kinds because the people who have those skills as said in the senate hearing, they're either retired or dead and i think, let's utilize the ones who are still among us and how about it's companies, they went out and-- or they have their names in there, on their-- and they brought them back in as a force of contingency experts who were able to take over in case of a cyber attack and switch at least between the manual to the extent that the equipment still has the manual
9:21 am
switch. they would be able to operate that equipment and keep operations going so that the company didn't place a horrible choice of either pain or going-- nor exactly that when they were targeted by a ransom attack a couple of years ago. they had a couple of older employees who knew how to operate manually and with pen and paper they ran the company. >> thanks, one of the great things about the panel today is your focus on the dilemma and identifying deterring the aggression and paul's in defeating and going together. we have a couple of questions from the audience, right. and the first is. we'll let paul if you want to go first and then elisabeth. and the rogue states, nonstate actors and smaller countries unfriendly to the u.s. and
9:22 am
allies, largely conducting io operations, and essentially giving them what one might call super powers to conduct warfare. >> you bet, the pace of technology, the ability of deep state capabilities, for example, turning smaller states into very formidable adversaries. and i think there's a next level of analysis that's required here, john. borrowing from the curtis lamay, and if we can take care of the cats, we can take care of the kittens. that is we can counter china and russia, we can handle rogue states, but they may attack us in very different ways. a prime example, countries like north korea and syria that are not part of the international financial system in a way that involves the united states, they're kind of on on their
9:23 am
own, they may target the u.s. financial systems and infrastructure and use combined cyber attacks and information operations to create market panic and disruptive psychological effects, as well as physical effects, because they don't depend on u.s. economy for their well-being in a way that's very different for china. >> and your thoughts? >> that was a very good example and in a sense, america is spoils at least 75 years for his formidable armed forces and i think of national security as combined, the front you have combined, but behind it the softer part where america has been complacent. because if you have the formidable steely part why do you need to worry about the
9:24 am
softer part behind it, but it's a combined field and what if the steely part doesn't work or if the attack isn't directed against the steely part, but comes from around on the other side? and so that's clearly something that there's more exploiting as paul side. and then a country of less than 10 million residents and has a terrible economy, doesn't have very much, has a friend in russia, but you can't always count on your one friend and nevertheless, belarus is managing to cause alarm across the west. and spreading disinformation is extremely easy because, again, our citizens are not aware of the negative role they're currently playing in spreading falsehoods, but also the possibility of roads they could take to keep the country safe. if we think about other forms
9:25 am
of attack, i think that the incentive for now especially following belarus' relative success in keeping the world on pins and needles, is that other countries with authoritarian rulers would say, we're going to experiment and cook up the gray zones to see where it goes and what's the harm? it didn't cost very much. >> yeah, so i would like to just say that i think that american has been spoiled for almost 250 years, since the founding and we had two oceans on the east and west flank and friendly nations on the north and south and until the 1950's there was no real threat to attack the homeland and in 1954 the nuclear weapons of the soviet union and more recently china so those were the threats, but now, any consistent r country, any person, any 12th grader sitting in a basement with the cyber weapons and information operations can actually target and hit our country. we've talked a lot about
9:26 am
structuring. there's a question about organizing china for battle, if you will. right? and so the question is, you talked about forming a better integrated strategy defense against information operations, especially by russia. what do you think how this requires a structural or organizational change, be it, be nato or american organization, or is this just a problem of how we use information sharing and coordination? are we organized for battle correctly? elizabeth, you first? >> i just would give an example of something i think it would work very well in this country that's being pioneered by the czech republic and it's the slip side talking about smaller countries being able to harm america and other countries. america's smaller allies are much more adapt at innovating
9:27 am
in the gray zone typically they don't have the resources and don't have the armed forces to rely on in any given moment. so the czech republic is pioneering a concept that's fantastic and that's during the military, gray zone exercises where they war game with key companies in every sector, various contingencies and that has the psychological effect that the private sector in the czech republic feels at least moderately prepared for whatever may come the czech republic's way and for the armed forces, well, it gives the armed forces an opportunity to exercise scenarios other than conventional ministry ones with the sort of actors they would need to work with in the gray zone crisis. so, i think that that's something that the u.s. could learn from and that's the allies, you don't have to always do everything yourself.
9:28 am
you can learn from one another and-- paul, organizing for battle? >> i think that nato has a robust organizational structure now, although i'm not sure that the article 5 decision making structures are adequate for these kinds of combined operations. i say the bigger problem, john, i'd be interested in your thoughts, is we need a concept of operations and we need play books. pre-planned, ready to go and exercise so that when, for example, china, as the pentagon described its doctrine, conducts exemplary cyber attacks and small scale limited attacks and not cyber pearl harbor and uses information operations to incite panic and disorder to magnify the psychological effects of limited attacks, what have we got in our play book? let's not be making this stuff
9:29 am
up in the midst of the course of a campaign. let's exercise, let's anticipate, let's build new coalition defense operations and not only in nato, but of course, in the far east with our partners who are going to be essential or countering chinese aggression and contingency. >> if i could pull on your previous string in homeland defense and department of energy, what about organizing within the united states? right? we know that the military is either prohibited or does not want to, you know, operate within the border of the united states. yet, the attacks are coming from external, and so how do we organize private industry, state and local government and the federal government in the military to kind of either pardon ourselves and deter it, but also to defeat the io and cyber threats internally for the united states? >> the first step, john, is to develop an assessment of the threat. our discussion today continues
9:30 am
to assess what's coming, without a threat assessment, we're stuck in the mud and then, i think, we need to agree on some fundamental principles here, above all uphold the constitution of the united states as we build defenses against coercive information operation and let's know the get dod into the business of homeland defense against information operations. the department of defense is already busy with its existing portfolio. there are sensible constraints on the operations of the department at home. let's turn to the department of homeland security, the federal bureau of investigation, the other federal agencies, let's make sure that they can effectively partner with the private sector within their existing portfolios and responsibilities to build the kind of defenses we don't yet have against coercive io's and combined attacks. >> well, thank you. we have about five minutes left
9:31 am
so i'd like to throw one question out for each of you to address in about a minute each and then i will turn it back over to you for closing comments, each of you. so the question is, we've talked a lot about io and attacks against people and information warfare. but what about our-- as the military developments more ai systems, right, how do we protect the ai systems from being similar will i-- similarly deceived? >> that's a tricky one. but if i can make it related point, it's that, again, every single one of us has such an important role to play in realizing what data we leave behind or what's the data trails that we leave as part of our daily lives. and so, it's not specifically an answer to this question, but i-- it opens a new front for those
9:32 am
who wish us harm and for example, to think about that technology, that the-- until a couple of years ago, and popular among the american soldiers and the only reason we know it's popular among the american soldiers, somebody on the internet managed to figure out using that company's mass of usage worldwide that it was being used in the very efforts in iraq and who goes jogging in those deserts or remote areas of iraq. that's how you knew that's where the american soldiers were. and if you think about the use of ai and exponentially it's going to be part of our daily lives. well, first of all, it's an opportunity for others to learn much more about us, either as collective groups in our practices or as individuals and
9:33 am
i guess -- i'll leave paul to address the deception of, not of aei, but of ai. we don't do this deception at aei. but again, it really comes down to everybody understanding that they may just feel like an insignificant part of a person or a cog in the wheel, but the data trail could be exploited by somebody. and if i may just make one more point for what paul just said. so, speed is of the essence, i think that much is clear when it comes to disinformation operations and cyber operations and it seems to me that one of our biggest vulnerabilities is that we need a lot of time to conclusively establish to what is behind the cyber attack or cyber intrusion, i should say, or disinformation campaign and
9:34 am
then a lot of times, by the time we we have established beyond a reasonable doubt that such and such government works behind and then it's almost too late to do anything, and so, i wish we could establish protocols that would allow us to act faster and even without reaching the level of certainty beyond reasonable doubt. i think, i wonder if we have to depart with that self-imposed requirements. >> thank you, we're approaching the end of our time. so, paul, you can answer the ai question quickly, but also, any concluding comments? and elizabeth, we'll come back to you for comments. >> john, the ai question is brilliant. as china in utilizes artificial intelligence and conducting io's and cyber attack against critical infrastructure. we're going to need to develop ai defensive plans and capabilities to match their machine speed operation and
9:35 am
therefore, as we build those defenses they'll be prime targets for adversary manipulation of the data on which our ai defenses depend and everything else that's essential going forward. so i urge aei to conduct a formal event on that very subject. >> any final comments? >> well, aei would clearly set out to be the leader of ai. congratulations to our founders. if i could just make the-- tell you, hopefully give a window into the future, companies are developing what are called digital friends, so essentially robots, that you can have in your house and you can talk to them and they talk back, lovely, right? because so many of us live alone. how is that for an ai target? the amount of information that our digital friends would have
9:36 am
about us and also how those digital friends can be manipulated by somebody. that's the conversation for the next panel. >> well, thank you. listen, this has been an honor for me to have both paul and elisabenefit and for the dilemma and course of information is powerful and also very timely. as you know, i'd also like to thank, none of this happens without a lot of support. aei in general, but really, the staff behind the scenes that helped put this together, myself, paul, and elisabeth thank you for doing that. and thank you for attending today. this concludes our session. >> the senate returns today at 10 a.m. to continue debate on the nomination of graham steele to be assistant treasury
9:37 am
secretary for institutions and comment on his nomination and for farm production and conservation. later the senate is expected to begin work on the defense programs and policy bill. watch for live coverage on c-span2. >> today homeland security secretary mayorkas testifies on border policies before the judiciary committee. watch on c-span 3, on-line or on c-span now, our new video app. >> washington unfiltered, c-span in your pocket. download c-span now today. vermont senator patrick leahy announced he'll rely from the senate after eight terms. first elected in

28 Views

info Stream Only

Uploaded by TV Archive on