Good afternoon everyone.  Welcome to track 3 this is when the secretary of states says please stop hacking us.  And with further of due I give you David.  
>> Thank you very much. im happy to here with you this afternoon, so im gonna share some insights from my work over in government,and youll notice that with diplomacy, theres been a remarkable consistency over a hundred of years in diplomatic relationships, and also, the way that we diplomatically negotiate with one another, and the way that diplomats maybe use the threat of military force to back up that talk, but what is new, is that cyber security is a new topic in  diplomacy, You don't really hear much about the government aspect which is why I'm happy to be here today, to share my insights with you, so for 5 1/2 years i was a political military officer of where the state department.  In my role I help a lot of security dialogues, bilateral and multi lateral dialogues. and i also worked really closely with the cyber offices all through out the state department,  And in other U.S. government offices.  State department we work closely with the policy shop. F-cyber, its a cyber policy office directly under the secretary of state, theres also another office, INR cyber which is an intelligent site and there lead officer for cyber security that represents their bureau and of course working closely with our colleagues in the NSA state as well.  So I'm going to take the experience of government and pair it with cyber threat. that we see going on in the world, and then show how govt. approach other govt. and talk and try to solve some problems from state hackers and nonstate hackers so to lay some ground rights, this should be familiar to most of you, this is north corporation cyber threat attack site map. its the 2014 model but if you pull up your cellphones or computers you could basically see it real time right now, what country is hacking what country, its a representation of whats happening in reality, because it sets up these honeypots and it attracts what country is hacking what country, so its really what they say as tip of the iceberg, but that not what actually is happening,but rather a representation, so in addition to that invisible threat that we saw, you know the cyber activity, that you know you cant actually see with your eyes but the map makes it visible, and the first time i saw that map it looked like WW3 to me, it looked like those are missiles and bombs, it looked very serious across continents across regions, it just looked very serious, I want to specifically go to one incident of 2014, the Ddos hack that shut down facebook, Again I'm laying some background information for you.  With the DdoS attack (distributed denial of service) thousands over computers were part of coordinated attack. that then theyd be a part of a botnet Which then stream from East Asia over to United States and many of these users and owners did not know they were part of attack because they might have clicked on malware clicked on a banner and installed malware, and basically installed a stealthy program that lets other people control their computer, so you’ll see the sequence here that the first slide looks alot like the previous, cyber incidences, only the previous one were single attack going to country to country.  This one is the second frame shows thousands of computers being coordinated like your in a Ddos,and this looks like street fighter 2 ryu’s hadukken going across from East Asia to the United States.  And this is a massive.  Many companies will shut down their companies completely, might take em days to get back online. it shut down facebook completely for 30 mins  For every second their shut down they're losing money.  Right.  So given that there is these attacks that cost government a lot of cost company a lot of money that hack government military secrets.  There is a lot of reasons why countries talk about cyber securities when they have these bilateral dialogs. and every year they have multilateral and bilateral dialogs that that actions forward the event So you expect there is going to be ministerial meeting, or youre gonna see a foreign minister going to meet the other foreign minister, what are we goin to talk about?  Cyber has become a topic in the recent years. In the united nations its a multilateral setting, and soon im gonna talk about bilatelal setting, but in this multilateral setting, the plenary is not exactly a place where cyber security will be a topic because that's where a president of a country or foreign minister has 15 minutes to talk about whatever they say to all the represent at actives in the world. so rather than cyber would be a topic in the  side meetings,  Throughout that week the head of state will bring their entire delegation up and down the ladder of seniorities from the deputy secretary to under secretary, and then they'll meet with their counter parts from various problem a range of issues including cyber security. now instead of a multilateral setting, this is an example of bilateral setting, The U.S. china SED, with plenary session with secretary of state and secretary of defense, this one is huge its all the cabinet level of secretaries of the us government, US ambassador to the UN,  U.S. secretary of energy meeting with their counterpart from china, this plenary session will be more scripted, so thats not really the appropriate place to bring up cyber details however there are breakout sessions that happen a long side of plenary sessions where they will work with each other and that's a venue where cyber security or cyber diplomacy will come up. and when the US talks to china, its really trying to identify What are the state actors and what the activity that is going on in china thats impacting U.S...  What are the nonstate actors?  What are the groups and how can the U.S. convince china to make some changes or crack down on domestic group.  So the Australia ministerial is a bilateral ministry much like the one in china, but the relationship is very much different, because australia’s relationship with the US is different because both are mutual defense treaty allies, Australia is considerered NATO +5 so European countries plus australia, new zealand, Japan, Korea and israel, so theres a very close relation and informations and intelligence sharing,so when the U.S. sits down with the ministers former secretary Hillary Clinton. and former secretary of defense panetta in this picture, theyre gonna have a plenary and theyre gonna have a break out meeting on the side but the tone is gonna be different, You don't expect a state actor to be hacking the U.S. from such a close ally.  You will be expecting if there is some action from the substate level.  From certain hacker groups but is going to be much more cooperative. these allies will say tell me who it is we'll get the police.or well help try to crack down on this so its gonna be a different kind of conversation,  So over the next few minutes I'm happy to share my insights on these bilateral dialogues but to go more deeply and to create a framework for cyber diplomacy  Including the roadblocks that we face over cyber diplomacy, problems with finding attribution,and also disclosinginformation on how to have evidence for attribution the disclosing dillema, ill talk about this in few slides, and also some recomendations, so back to the basics.  What hackers want is fame.  Hacktivist wants to hack for the lows for the kicks.  They might be going after your credit card so they can buy thing.  One company might be trying to get intellectual property from a competitor company, in another country that they could have a competitive edge or for the military most of them are state sponsored most them are trying to get military technical drawings of the latest aircraft, or attack helicopters, or military strategic planning. like the pentagon plans or their conplans, operations plans   When this occurs these are really good reasons to sit down with partner countries.what are the most cooperative allies or less cooperative partners, and to raise this into diplomatic dialogs, so the dialogs would be like the one i mentioned earlier, the Australia ministerial,  U.S. china FED they could also be with more of a working level.  The U.S. military has service to service talk like army to army and for the closer U.S. allies the closer partners will be these hybrid talks will where say the diplomats will talk for over an hour and spend the first 10 mins for the intelligence briefing wether from the CIA, DIA or NSA to lay out the threat or the problem, the for the rest of the hour or 50 mins wil be the policymaker and then sitting down with their counter parts of different countries.  We see a common picture how are we going to work together to solve that problem.  Cyber becomes a topic in diplomacy when is in the news paper and you cannot ignore it so you just wanna talk about it with your partners,  It might not be in newspaper but it might be in intelligent sources.  So government officials and sources might have access to this information. and see some concerns, There some offices that will take a lead on bilateral dialogue.and then theyre the one that coordinate everything  And make changes as they're setting the agenda.  Or an office might not the lead. they might be a part of an inter agency clearance process but They have they share an equity, they work on the similar issues the cyber security, so the lead office will talk about the talking points and agenda for the entire meeting, and the clear it with the 10 or 20 other offices and at the pentagon, white house,NSA  and when they make the edits they can go head and put new topics and new ideas there because they're involved in the process. and also the foreign minister could also just put it in or nobody wants it in but it was there last years and a year before So is a president that's going to be in this year as well.  So when U.S. diplomats and senior officials sit down with other countries the attribution problem can be a roadblock. so when the US sits with other countries, they’ll say the attribution problem is the… back it up… so the attribution problem, just a refresher, is where the attack could be coming from country A, yet its only a proxy from country A its actually coming from country B, through country A to hack you Or are maybe several proxies, country F going through E,D,C all the way to attack you, so among private company and among individuals the attribution problem can be very difficult to solve but the US govt. has been trying to solve the attribution problems and its a sensitive topic. so i cant really get into it myself,  So I'm going to scythe Shane Harrisson’s new book he’s a journalist and did a lot of research about NSA and about cyber security, and he talked about attribution problems, and according to research, Around page 20 because i looked it up recently he wrote that basically the NSA had spent a lot of money buying computer software from companies in western Virginia and NY and developing their own software in-house and spend years figuring out a way to affectively solve the attribution problem so according to his research, this former journalist, through his interviews with senior officials, say that is the U.S. government is very advance on this. and the attribution is the very key aspect of diplomacy and all the things that you see in newspapers because if you can't be sure if the attack is coming from a specific country,then theres nothing to talk about, you cannot sit down with a country and say, you're doing this, even if you do not have attribution right.  Say you do have it right. and say you  have high level confidence based on certain method,  Then you will still approach the disclosure dilemma and thats where when you’re sitting down with a foreign country, and you’re saying, you’re hacking us,and they say no were not, and you say we have evidence, and they say prove it. and then you say no we cannot because if we prove it to you, if we show it to you how we know were it was you, then you’re seeing our sources who is our informant in your country.  Is it a U.S. embassy officer telling us? then what’re you gonna do with that? right? or you’re finding out more about the message, so next time you could go around and change your tactics so we cant discover you next time,so the disclosure dilemma especially if you know another country exactly how you know the solution for attribution it could make them a stronger adversary, so among companies, i often hear — officers and private companies, lament that in Cyber security the only weapon is a shield and I feel like companies are trying to how are we being hack how can be guard against that.  How with can we block specific IP so that doesnt happen, but government is really interested in who, what, when, where, why? and thats really important for bilateral dialogs because it paints the global context of hacking, So this is an area where social science can cooperate with computer science can so you have the technical skills plus the language, to send people into chatrooms and to talk to certain people to certain countries without sounding… if you put it through Google translate you'll sound like a kindergartner or finding out the legal situation there, what kind of laws can you use if the rules of law is strong, whats the relationship between the govt. and the people or the govt itself internally, is the govt fragmented? are you getting hacked by the other side of the govt but the other side doesnt know whats happening? when you talk to them you can really affect.  So private company I think the bare minimum is very important to stop hacking and stop the bleeding. or their monolithic that they really know whats going on, that when you talk to them its going to affect change, sop private companies i think the bare minimum is very important to prevent hacking to stop the bleeding and to protect the network I think as you move up mad load heiarchy of needs ———  is important then.  After you take care of protection to start asking those questionings. and i see some savvy private companies ask those questions is because their senior officers are former US military, or intelligence or the NSA. os if they find out that the answer to the question is not that satisfying they wan t to know to who, what, when, where why,   So what types of cyber tacks are more likely to come to come up in different dialogs compared to others,  so the kind cyber-attack that is more likely to come up in dialogue are the state to state hacks. when, assuming that you can solve the attribution problems by some method by thru the NSA if a foreign govt is hacking the US govt. so thats definitely gonna come up so the US govt. thinks that perhaps if we convince them to someways to prevent this from happening, moving down on the left, when a nonstate actor when a hacking group hack it is U.S. government yes the U.S. government wants to bring up in dialogue. because it hopes that the govt is gonna be able to crack down  on that group domestically, But when there is an on the right side when is a state government hacking a nonstate actor like a company or something is not necessary going to come up in dialogue because companies most likely don't want to share that information so the govt might not even know that theyre being hacked, or is so limited there a few examples of that. also in the bottom right quadrant, for people to people hacking or company to company,  That's just so abundant there's thousands of these hacks every day and people trying to hack your credit card number. or sending you emails telling you that you won $10,000,000 So how do you address this in a diplomatic dialogue? so getting back to the classic scenario when the senior officials sit down, its gonna look different, if the country is a US ally versus a less cooperative country,of a US ally of for a cooperative country, its gonna be. like australia it gonna be, you know were pretty sure its not state sponsored, let us know what you have because if its coming from within the country, were gonna use the law enforcement to solve it, if its a mutual threat or a share of information, and if its an attack that was supposed to be susceptible from another country then lets find out how we can be more safe together, but if its coming from a country that is less cooperative, then they’re gonna stonewall with the attribution problem, and you’re gonna face the disclosure dilemma, so thats they’re gonna say, you can’t prove it, its probably a proxy server coming thru our country, it cold be another country, they’re gonna ay we too are the victims of hacking, some are victims just like you, so this all just stone walling, so they don’t have to do anything to try to help solve the problem, in diplomatic dialogs, you’ll notice that some countries are more cooperative than others, surprisingly vietnam is very helpful and cooperative in cyber diplomacy,if they find out theres an issue then the govt. is very cooperative in that sense. you’ll find that in eastern Europe you’ll find that there are countries that less or selectively cooperative when its in their interest of course, and then theres the variation in eastern Europe and Russia,  that mostly these hacks will target financial institutions, while southeast Asia , in Vietnam they’ll be targeting E—commerce, while northeast asia will be target9ing intellectual property,sharing information so that other countries -- companies can learn from their experience and prevent future hacks is to solve the government level recognize that this is a growing field.  If a country sayings, don't do this and this is not right and does it.  The country loses the right of other countries.  So consider going beyond the region.  U.S. market to a more international and global market.  So that together we can, work together to prevent cyber attacks.  I'm happy to share my twitter information and I’m also working on a book on Cyber Diplomacy. I’m comparing agents and publishers, if you have any advice I’d be happy to hear.  Thank you very much for everyone here.  And also thank you very much to Dell Secure Works at VeriSign, for all I’ve learned from their subject matter experts and their analysts. And thank you very much for coming today.  
[ APPLAUSE ]