no matter where you're from, or where you stand on the issues, c-span is america's network. unfiltered, unbiased, word for word, if it happens here, or here, or here, or anywhere that matters, america is watching on c-span powered by cable. >> white house national cyber director chris inglis was part of a conversation about u.s. cyber security and foreign policy goals. he sat down with david sanger from the new york times. >> for those of us here in person, remind mobile devices, if you're called on, please

stand and the microphone for your questions, thanks. >> good morning. i am adam segal, the chair in emerging technologies of the national security and director of the council, digital and cyber policy program. i'm just going to take a brief moment to welcome you all to today's event and give it an extremely exciting that this is the first d.c. symposium in person although not there to enjoy it with you, but this is the 8th cyber symposium that we're had. the last three not surprisingly has focused on great powers and geocompetition in cyber and on-line content moderation,

deep fakes, internet governments and privacy and international trade. i hope all of you will take part and consider subscribing to some of the other products from the digital and cyber states programs. you'll check out the cyber operations tracker, which is the running track of known faith-based attacks and unfortunately, of course, we're adding to those at quite a pitch, given what's happening in the world these days, but also, subscribe to net politics, the blogs of the policy program, as well as our newsletter. i do want to thank everyone who has been involved in the program and in working on the symposium and in particular, connor sullivan from the d.c. program who has given so much support and assistance putting on this together. thank you to connor, and let me just say that this is, you

know, extremely great timing to have director inglis with us here today. as i'm sure many of you know, just last week, we had another joint federal warning about new types of industrial control system malware that have been discovered in the u.s. networks. so there's no doubt that the risk is going up. so thank you very much to director inglis and to david for being with us today and i will now turn it over to them. >> well, thank you very much. thanks to all of you who are here and thanks to adam and the

cfr for putting this on and mostly, thanks to directorderfu opportunity to come here. and he has a truly challenging job that would be challenging under almost any circumstances, but the fact that he is the first incumbent in the job means that he's got to go navigate the politics of creating a new position while also trying to do this in particularly trying times. so, we really appreciate you coming out. as you heard from adam, i'm david sanger, white house national security correspondent and write on cyber issues. and this is the keynote session for the symposium. there will be another session after. what we're going to do is i'm going to talk with a director for 20 minutes or so, i guess, 30 minutes or so, and then we will go to questions, both from those who are joining us

virtually and those here in the room. a reminder to everyone that this is gloriously on the record. words that, you know, ring like music to a reporter's ears. and every government official, so, chris is all the more thanked for doing it that way and agreeing to do that as such. let me just start with what's most on our minds right now, which is the conflict with russia over ukraine and i'm interested in both your analysis of what we've seen happen over the past eight weeks and then your concerns about what we may see going forward. we entered this figuring that any modern conflict would start with a major cyber attack at the beginning. that, you know, undersea cables

would be cut or the power grids would be fried or the russians would attack enough of the internet structure within ukraine that they could shut down all the communications. and so, along comes the first major kinetic war in the cyber age and that's not what we saw, early action in january and february, but we didn't see the bigger attacks. i was at a symposium recently where a number of your government colleagues were debating why that was and, you know, a couple of interesting theories around, but i'd be interested in first hearing yours. >> first, david, thank you so much for the warm welcome, thanks to connor and the council for setting this up. and we've longed to have the face-to-face discussions and

it's to learn how to speak face-to-face with peoplement and in the next hour, it might be one thing and then the rest of the job might pale in comparison. it's a great question, the question of the moment why we had the expectations that the russian play book having relied so heavily on disinformation, cyber, with other instruments of power and why haven't we seen the cyber against at least nato in the united states in this instance? i can't say i know with pre precision anymore than anyone outside of the russians would know. first and foremost, it's not playing out the way that russians imagined. they would imagine that their kinetic forces married with this information could overwhelm and storm the country within days if not sooner than that and therefore probably did not have incentive to use a computer network attack in the way we might have imagined to

achieve degrees of interruption or destruction of an infrastructure they thought they'd soon inherit. neither did they want to inflame kind of the nato or the united states alliance with what might be an unnecessary provocation. it took some degree of self-imposed on others, they were distracted, busy, it's hard when you're on your back foot trying to recover your initiative that then mount a campaign of any sort and we saw that certainly play out on the ground and i think in some degree in cyber space. >> and it's harder to do than to say to mount a campaign of any kind on the ground or cyber space, certainly ability to understand the lay of the land it and what your victims and targets might be and not just to fire salvos you about to do that with understanding what the lay of the land is so you

can announce and effect a campaign. if you're up to a hetero genous architecture in cyber space, it might be it's not easy to do. the last thing is to imagine that cyber is not an independent domain, it's sitting out to the side where cyber plays out all day every day. it's connected it the to the world, and the russians and ukrainians, it's cyber in the world. confusion on one side. use as an instrument of power as opposed to an independent domain, it's something with a, pun intended, which is the physical world and the cyber world. the weeks ahead, putin has now narrowed his objectives in the physical world and he's down in the southeast, he's withdrawn his forces at least for now

from going after kyiv. as you look out ahead at this integrated, are you expecting inside ukraine we're going to see more use of cyber and at what point do you think, if at all, he then turns to attacking targets in the west, to retaliate for the sanctions, for the isolation and so forth? >> let me take that in reverse order, which is at what point do we expect or predict that we'll see the russians attack the west, nato or the united states? that's a fraught decision that has dire consequences on both sides and i don't know that that decision has been made or with predictable precision that we might prefer. we have strategic warning it's a possibility and we therefore need to prepare for that possibility. and having that strategic warning we have to figure out how do we actually understand as it's happening at the earliest possible moment,

what's happening, when, why, so we can deal with that. that is what guides our present effort. having the strategic warning in hand. how do we effect a collaboration not just between nations, but the private sector and public sector to combine our insights, our capabilities, because if one of us sees something that might not be plainly visible to another. if one of us sees not all of it, a bit of it, how do we put things discovered together. no one can discover alone. that's the game before us, how do we put ourselves on the balls of our feet to react to that, having said that i think we're in a reasonably good place. the architectures that we know as the internet or internet plus, have not been built for 40 years to be resilient. but we've installed the mechanism in there and we have a collective understanding

these instruments are power not just for their own sake, cyber doesn't list for its own sake, but for societal persons. you've had most people, individuals, governments, leaning forward in the straps to make it defensible and defend it. that being said we're still open for a sucker punch, and not from many of you remembering from 2017, affected a broad population, that was not the intended victims. and russians going off ukrainians and ripped across europe and the world, and affected a great physical arm and also some confidence, the underlying nature of that architecture. if i worry about one thing going forward and we need to put action to this worry, is that we'll be comfortable that the last few weeks predicts the next few weeks, doesn't necessarily. and that we can be comfortable that we can defend ourselves

fully because we have an architecture that's well-defended. and we should not make the mistake that the present circumstance thatted adversary might come off, but that you have to come after all of us, not just one of us. i think that's where we need to be. >> last week we heard bill burns, the cia director, give a speech down in georgia and probably said the one in the administration that spent the most time with putin over the years, i would say. and what has really struck him is that putin's risk appetite has clearly increased over time as he's thought about his legacy and his goals of reestablishing spheres of influence. how does that apply to your mind that this increase in your area of direct concern is cyber? >> i know of no one better than bill burns to make a remark of that sort and i would support

that. marry that with the degree of isolation that he has, that vladimir putin has, that's a dangerous combination. if you're willing to take risks, but not fully informed about the lay of the land where you're taking that risk then that occasions surprises on the part of the aggressor and the part of the target. >> our sanctions are isolating him and he's cutting offer sources to the russian people for the obvious reasons. so in an odd way, does the isolation we're imposing here fuel that risk? >> i don't know that it exacerbates the risk. it certainly doesn't give him confidence that he has control of the situation. and in that regard, might make him perhaps then more unpredictable. so, i do think that we have to concern ourselves with that. but there are consequences to

actions. he's taken the actions that led to the consequences imposed on him and those who enabled him and i don't think that we would change that at the moment. >> so one of the oddities that we saw in public the way that your colleagues and the intelligence community dealt with the run-up to the war, was a declassifying of information at a pace we had rarely seen before. a decision to make that public in an effort to preempt some russian action. >> i can imagine you were thinking how would this have gone over when i was nsa. how do you evaluate that and how does it apply as you think about deterring future cyber action. >> last question first, i hope i would have been wise enough to do that. that having been said. what you've seen in terms of the government's response and not alone, but i'll just talk about this government, it's

important of two realities. the first is that in the realm of cyber space, the it's increasingly the organization, most of the critical functions that we care about as a society are generated, deployed, sustained, defended, by the private sector. they're the actors that are on the front lines of all of this. and the second reality is that if the government's in possession of what i would describe as actionable intelligence, it's only actionable if it's put in the hands who can action it, who can essentially do something about that. so the choice was natural choice to say how do we put this in the hands of the people who can do something about it. i'm thinking about the cyber lanes. there's an equally important lane of those who could do something about it. if this is actionable intelligence, it's timely and actionable. how do you make that kind of possible for somebody who action that? and we've seen a good response from that.

which is we achieved a degree of collective understanding that affected our sentence of shared strategic warning. if it put then various individuals, organizations, governments in a place where they then had this shared prospect that they needed to collaborate to understand further what the tactical warning would look like and we're now in the place where that collaboration is going to help us discover things together that no one could discover alone. >> you'll recall that during the obama and some trump years, that really during the obama era, the u.s. government was reluctant to name the russians when they got into the joints chiefs of staff and the white house and you and i talked about this when you were off and working at the naval academy and so forth. and our response was muted. and the trump administration was still in and president trump didn't say a word about it. he asked whether it could have

been china. do you think, looking back, that this reluctance to name and fame and all that emboldened the russians? >> that's a good question. i would say that those conditions to some degree, slightly maybe substantial, slightly different than the president, one, in the day attribution was harder and attribution was done from a cold start. we would see something happen and we'd chase that ghost into the murk, and figure out from a cold start who it was, what they did and our satisfaction in terms of confidence about attribution was low. and we also didn't want to give away our own insights, that's having deployed what we knew about, who was doing what in that space, we then just gave them an opportunity to disappear in some other dark corner. and finally, i don't think that we, at that time had a mature

understanding as we have today. maturing further. the need for actionable intelligence on the hands of those who can action it. we've essentially not come to that conclusion that this information is only useful if it then causes something to happen so that we can change the future. we can change the situation. so i think all of those realities, we have a much stronger hold on that today. we're beginning to practice that, maybe we could have done that sooner, but i think in the fullness of time, it tanks takes understanding, some muscle memory, practicing to get that to right. you don't want to careen into that space. i think we've over the years-- >> in the context of the 2020 elections, cyber command came out and announced some things that they did to disrupt the russian activity, disconnecting the gru and others from some of their activities and so they

haven't said much about what they've done in ukraine and i know you well enough, i don't expect you to provide us comprehensives today. if you look across and even if you can't discuss the details. do you think that the united states contributed in any way to the russians' troubles in mounting cyber activity in ukraine and around or why effective at it, i guess? >> so you're right. i can't and i won't speak to the specifics. i think american citizens, like-minded nations and citizens should understand if they have an expectation, their governments are taking appropriate actions using all instruments of power, diplomacy, legal remedies, leadership, and cyber is one of those instruments of power, then they should be confident that those tools are being appropriately used, not least of which are the defensive tools that say how do we create resilience. how do we create a proactive on

defense architectures, and the message in part is a message to the russians, declaring what it is we're prepared to do and doing. and therefore, has some ability to change the decision calculus. and not using the word deterrents because that's a fraught word, but we need to make sure that they understand what we're prepared to defend, under what circumstances and how. it's also a message to the american people or those who we would defend to say that we're in this, and we're essentially taking the appropriate actions and i think looking back across my 40 years in this space, i would say that i've observed three ways of attacks that of consequence, and they're actors or events, but rather to eras. 40 years ago, it was attacks on the secrecy for the availability of the integrity of the data in the systems. we called these kind of

confidential in the day and we figured out how to defend the data or the process and the data. you might have considered if you had defended the data, it was job done. we later realized there was a second wave of attacks, because it's not the data that's important, but it's the extraction of that and allows us with the critical function or the personal functions that we built the internet to do in the first place. the flow of electricity and the extraction of that into the coordination of personal functions and the extraction of that, dependent on the infrastructure and attacks on that, which were kind of growing by leaps and bounds 20 years ago, require a slightly different strategy. you've got to do everything at the first level and the second level and affect the collaborations because the functions are essentially result of collaboration, across society and often in the case critical function between the government and private sector. so you had to do something more, and the third way of attacks and kind of brings me

back to your main point is the attack on confidence. think about what was happening in the election of 2016 or 2020, and the russians might have been perhaps doing things at that foundational level, stealing e-mails, hacking into various servers and running troll farms, but it wasn't about the data, it was about abstraction of that into an election system. if you want to defend of the election systems, that's between the locals and-- fundamentally it was an attack on do the american people believe that the election system served their purpose, that democracy is still intact and can actually have confidence in the underpinnings. if you address that, you've not to make sure you're not just addressing the actor that might hold that at risk or confidence

shaken, saying, no, we're doing what we should to defend this space. we're defending with a stout defense all of those things to include our principles on top ever that. so the messaging, i think, you've heard is as much about speaking to the aggressors in this space as it is about speaking to the victims in this space because somewhere between the two, we need to make sure that we have thought leadership that gets us to the right place why we care about this space and what we're doing to defend it. >> so, with one of those questions, the chinese government, i think i would be delighted of the events of the past couple of months because it has soaked up so many of the thought processes of the u.s. and other western leaders, you haven't heard much about them. but you have been working away in the administration on the new approach to china and you've got some big announcements coming up on that. i wonner did if you could just

give us a sense of how you look at dealing with the chinese cyber threat in particular, differently from what we've just been discussing with russia. because it's a different actor with very different goals, very different approaches. >> first and foremost, imagine that for the chinese, like the russians, like the americans, cyber is an instrument of power and imagine to what purposes they would apply that which immediately points bock to the geopolitics, much less the policy. you have to look at the purposes and what they'll do with this tool and other tools to essentially achieve the purposes. this is at the end of the day not just a contest of economics, but of geopolitical systems and i think that our concern, with the chinese as they deploy technology, is sometimes about the quality of that technology or perhaps the features that that technology that increasingly, it's about

the legal system or the economic system that actually delivers, deploys, and extracts value from that technology so we need to make sure that we continue to remember that and kind of winning that competition is less about saying no to that technology or that geopolitical system and more about actually filling that vaccine with something of our own creation. right, so technologies that we can have confidence in. and geopolitical that we can have confidence in. we need to win that in affirmative rather than the negative. >> foreign affairs a few months ago, a fascinating piece i would commend everybody in the room even if he didn't appear in foreign affairs. the publication of this institution. and you said here that it should come as no surprise that many cyber policies proceed from a fundamentally negative framing that cedes to the

aggressive and places in market incentives. something jumped out at me when you wrote it. so talk to us a little about what it means to take that initiative back, particularly in the context that we've just been discussing. >> well, i'll borrow a quote from a friend and colleague in this space, jeff moss, who's of defcon and blackhawk fame and often starts his talks with a question which seems to be a wide discussion and brings it back to the main point. why do race cars have bigger brakes and pause, this is a cyber talk. and he immediately responds, so they can go faster and launching in the talk, why do we have cyber not for it's its own sake, for a larger purpose, achieve our personal as evaluations, our societal aspirations our business aspirations we need to stop anything about the threats, we

should address them. but why did we build this in the first place? whether they're digital, societal or everything in between. we did a good job developing a vaccine and deploying that. things unimaginable the last 10, 20 years ago, why? because the system that we have conducts data and scientists and other ways that are almost impossible and so many similarly positive aspirations about the space and need to think about getting back on track to say this is positive that should drive our thinking in this space and imagine, what's the cost of that. right? the cost of that if it's not about cyber, but if it's about the aspirations, to build the resilience in and so we'll have confidence to deliver what we expect and that resides not just in the technology, but in the people skills, as we're up to the game and the doctrine. do we have the roles and the

responsibilities right. and that's kind of a vernacular in the cyber realm. make the capital investment as opposed to the operational exercise. we shouldn't wait for three alarm fire to respond. and these are resilient and having done that, they will be defensible, not secure, we need to actually defend them. that's a human proposition and we need to approach that, in the article, with a degree of collaboration. no one can defend the space on our own, even the government, especially large regions of private sector its own. we have to imagine it's only collaboration that will allow that. we overestimate what the governments knows and underestimate what the private sector notice. and big deals, we have to reimagine what we built this for, and achievement real --

finally if we're going to be where to defeat one of us, you have to beat all of us. we have ask the question, what do we owe each other, for too long, individual sectors who look at this, the place is-- cyber space has trouble in it, but up to someone else to reserve. we need each and every one to participate in our own defense. and that's what the article is about. if it's unduly positive, unless we have the strategy, we'll be continued with the transgressors and obsess what he is going wrong in the steph. self-determine where we need to go. >> you drilled down one part of that, the last part of your secretary, with your phrase, market incentives aren't enough. i think you've seen the

administration play that out in the china case, if you look at the china bill which has been struggling its way through congress since it was first passed by the senate back in june. it's full of industrial policy, industrial strategy, no one wants to use the word industrial policy, but 55 billion dollars to the semiconductor industry, money into artificial intelligence, quantity quantum. and if this is clear what the chinese are investing in and made in china 2025. why has it been eight, 10 months to get through the senate vote to something that you can begin to implement here? >> let me kind of talk about that in two tranches.

first, in terms of market forces they're very, very important, especially in this society and so we need to give it its due. and then i'd say the continuum we found in other aviation safety, come quickly to mind. there's a certain degree of self-enlightenment that comes into play and kind of manufacturers say that this is a better idea and somewhere between public service and the ability to build a market, they say we should do these things based upon my own insight and my own innovation. market forces can get you a further distance down the road and competition comes into play and users will prefer things that are more intuitive, perhaps safer. and more resilient and robust. we determine there are nondiscretionary features of cars, airplanes, therapeutics, drugs and we have to step in, we can't leave this to chance

or some point might end up in a bubble or in a dark corner. and the latest touch, specify what are the nondiscretionary features, and we'll done it, and we'll do it. and where market is in play, but when we determine health, life and safety from the digital structure the same way that it depends on airplanes, cars and the second tranche, 1.3 trillion dollars the jobs act. about to invest in what most people think a largely physical world and to be sure there are physical manifestations of the infrastructure. and i suspect that every bit of that is dependent upon digital infrastructure. if you're a bridge, emergency-- imagine you're a bridge and maximum efficiency, lighten the

components for understanding the bridge, what the load and the weather might be to determine that bridge. that is something that has to be considered with cyber resilience not just to protect itself against the vagaries of future, but add those that wants to hold it at risk. >> two other things before we open up quickly to our audience here and virtually. one of the interesting characteristics of the time period particularly since the yoouk war has started we've seen the technology community begin to take sides more with the united states, with western

values i think before. a few years ago, not that long ago, google employees rejected the project maven, artificial intelligence related pentagon project related to drones. now we're seeing not only tremendous collaboration during a time of war about the banning of russian-based websites. a lot of russian news sites and so forth. you've seen this play out in your jobs at nsa and the interim before you came back to this job. where are we between identifying tech companies as international players with no real national identity, and what you've sunny now? >> i think the common under pining of both of the areas you describe are the values underneath.

choice of vls values and i think the united states finds that agreeable that we stand for the values and principles in our case, sort of our constitution and particularly the preamble and if you choose that those are the values that you would sign up for and support, then you're signing up for alliance, collaboration for something that endures across time. the administration's come and go. political parties come and go. but the values endure across time. what you've seen is a stark contrast between the values on the side of the russians, but the launch defense by the ukrainians and those who enable them. and i think it's drive as deceptively geopolitical choices. >> one thing i wanted to ask you about an interesting debate that's taking place within the white house and within the

cyber infrastructure there, you may recall that during the trump era, there was a memorandum. i think it was 13, which while vastfied was described by john bolten, at that time, the national security advisor, trying to take the decisions on offenses, not entiring offenses issues, take it out of the white house and push it down to the war fighters and cyber command and so forth. this was in response to a concern, a legitimate concern during the obama era, that there was so much debate with so many players about each action, that the system got gummed up and decisions weren't made. as we hear it now, there is an effort within the white house to think about how you could go rewrite that and maybe bring some more of that decision making back into the white house.

presumably without the bureaucrat particular troubles. tell us about that, where it stands, what the parameters of the discussion are. >> so, as you would know, it was classified then and remains classified now so i'm not at liberty to say except the following, when that was published, kind after classified document inside the government in the year 2018, it was part of a trifecta. i think occurred simultaneously, they weren't form hally coordinated or synchronized in that way and we have to reset that domain, first the passage of law, the national defense authorization act of 2019 which described cyber as a traditional military instrument. traditional military activity, not so much opening the space to say we therefore need to conduct in cyber space, but saying it's another instrument

used by the military, kind of aligning that with the other modalities that the military has, saying that this could be and should be used as an instrument that the military can be used to bear, con trained by the same purposes and constrained and influenced. there was this concept of engagement and forward defense and brought cyber into play the same way we used diplomatic. and discernment and engagement of problems that hold us at risk such that we can have the highest possible threat under rule of law that were threats to us, it wasn't about cyber offense. and that leads in the middle, john bolton's description, a

mechanism by which to understand how do we properly give authority to the defense operation cyber operations under the rule of law with our values and principles in context with the other principals of power. and that's a national security or national policy memorandum that essentially governs that space. ... it continues to occupy its proper place. the goal is to reconsider that and say is there anything we have learned that would cause us to adjust the placement of that instrument in the context of all the other i'm not at liberty to say what that review has led to a what the internal from the document are but it's more about context than it is about any single threaded instrument or setting up a silo. >> and would the result the authorities may have been

delegated previously are now brought back into the white house approval ahead of time? >> the results have greater confidence that instrument of power is properly applied in context of all other instruments. >> we will turn now to our members here to join us in questions. i think our first question is going to, from virtually, but to ask a question please click on the appropriate spot on your screen and will get to some here in a moment. we're just going to go to the virtue went first. do we have a virtual question ready to go? >> we will take up virtual question from abi inman. it toou te.

the absence of a cyber -- ukraine and all -- the value the russians are putting on the intelligence they are collecting another ukrainian forces they are fighting -- the social media -- are there aggressive propaganda -- disinformation campaigns both in ukraine and the west get higher priority at this point? dir. inglis: it is nice to see you virtually speaking. i think it is possible that the classic intelligence gain loss consideration is informing the russian decisions.the only thing i think that would counter that is what we have seen in terms of an almost reckless application of kinetic power, the bombs and explosions that routinely occur in a seemingly indiscriminate way.

none of that i could offer an insight based on classified intelligence, but i think you properly deduced that there might be an intelligence gain loss proposition in their hands. david: we will go to a question right here. you, yeah. >> two weeks ago today, the attorney general and the f vi director -- fbi director announced a takedown of the cyclops, attributed to sand warm, from the russian gr you. do you anticipate there could be any retaliation from that active offensive measure to disrupt the botnet? do you think there will be opportunities to repeat that and do you view that as a possible model of successful public-private partnership in helping bring that down? dir. inglis: the short answer

would be a modified yes to all of those. for those that weren't paying close attention to that, what that was is under a court order, the department of justice separated the command and control elements that had been installed by what we believed was the gru that would command the botnets to achieve some no good purpose. it was nothing but an illicit purpose associated with the botnets. i thought it was instructive about what we might do in the future. it was done under the rule of law. it was affecting command and control elements that were on a very diverse set of platforms, so that you could not have gone around and knocked on each and every one of those doors to say i would like you to remove that. it was done with the lightest possible touch. it did not go in and destroy data or offer it across processes. it removed the link between the command and control and the

botnets, which had been set up for a valuable purchase -- purpose. it had a high degree of leverage benefit to a broad population, which i do think is a good model for public-private collaboration. rule of law, the lightest possible touch and the broader set of beneficiaries. i hope we don't have to do it again. i hope the message to what -- to those who try to repeat the exercise is it will be harder and harder for you to succeed and the cost will be too high. it remains to be do seen what that the decision calculus is affected by that. david: we will go to another virtual question if we have one. >> we will take a virtual question. >> thanks for taking the time. one of the challenges of cyberspace is that things can change very quickly, bad actors

are constantly evolving by trying new techniques and moving in spaces where it can be difficult to enforce actions against them. as they innovate, our capabilities will be the same, but bureaucracy can get in the way. i know your role is meant to change this with regard to public-private collaboration. how would you view the nature of this challenge and how could you work toward ensuring peak innovation of transgressors does not outpace our capabilities? dir. inglis: what a great question. broadly, we have been crowd sourced by those aggressors. they are very agile and enterprising, they are set up to do ransomware which connects various and sundry parties who probably don't have a physical relationship, but yet they collaborate against us. we need to turn the tables and

crowd source them, which is why they need to beat all of us to beat one of us. you point out the difficulty of doing that in the light of day with bureaucratic and all manner of other processes to try to govern the speed at which we affect relationships. i would say we need to reconsider what the nature of collaboration is. i would point to our british friends with the national cybersecurity center. we tried to replicate this and are trying to at the joint cyber collective. don't wait until you think you have something in hand that you know is valuable to some other party. that probably is too slow and you don't have enough insight into what is to valuable in somebody else's stovepipe. let's collaborate at the lowest possible level. so that some kind of half of an insight or shard or shred is

compared and contrasted in real-time across these very diverse organization, private and public sector combined so that we discover something that no one of us would have discovered alone or we would have discovered too late to make a difference. the department of homeland security organization, the cyber collaboration center, it is happening across sector risk management agencies and at the fbi, where each is engaged in an increasingly coherent fashion to say, how do we compare and contrast our various insights? having said all of that, what i've described is a model for collaboration in the response phase of this. we have to have an equally adept collaboration phase, so we consider, how do we build resilience and robustness into the systems? how do we get the people skills

right? how do we get the technology right? how do we make it such that it is less likely that these events occur? we don't have to wait for the two alarm fire to affect collaboration. it affects supply chains and all manner of commodities that populate those supply chains. that is the next chapter of this collaboration. david: solar winds was probably the most interesting example of an organic element of this. it was a case where they detected this in a moment of transition. we have been waiting around for probably more than a year for the big lessons learned report from solar wind. what do you think we should extract from that? when are we going to learn a full accounting of that? dir. inglis: i think the lessons

were very clear very soon after. those lessons were taken aboard very soon after. if you look at the executive order published in may of last year, it was a broad set of activities mandated within the federal government and the supply chains that feed the federal government to say that these are the lessons learned about our previous experience in solar winds. you have to have multifactor authentication, segmentation, encryption, and so on. and practices that allow us to better defend the systems of systems. the technology modernization fund. $1 billion applicable. when you see people begin to reconsider in the private in the public sector what is the nature of our collaboration in defending supply chains, which was the biggest lesson of the solar wind, nobody was defending

the entirety of the supply chain. when you see companies begin to show up and say, i want to have a collaboration with the federal government so that we can actually discover some things together that no one of us would have seen alone, those are all responses to that. i would not wait for the lightning strike. i would look at the fuse set of lessons that have begun to be affected. there are some further lessons in the fullness of time using scholarly research that can be done that would tease out something more, but i think we have begun to act. david: a question right back here, the young lady in the middle. we have a microphone coming to you. >> wonderful to see you. i'm from microsoft digital diplomacy team. my question is around the creation of a new cyber bureau announced earlier this month. i'm wondering how you envision

your office collaborating with the new cyber bureau in the context of what is happening with the working group and the ongoing cyber negotiations? dir. inglis: i think it is a fantastic construct. we all attended the ribbon-cutting from that. essentially describing what the role of that cyber organization would be. i think that diplomacy is a very important instrument of power, especially where it cuts across national boundaries and we need to bring diplomacy to bear on this to understand what we have in common with nations increasingly a lot in cyberspace, how we affect collaboration and how we define the procedures, protocols,

behaviors that we would prefer and bring those about been the largest possible community, the international community. my sense is that my office will partner richly with the diplomatic arm of the state department and that on occasion, you speak with and through that department. david: go to another one virtually. >> my question follows the earlier question. i would like to know a little bit more about how you see your role in geopolitical crises. when the solarium commission set up your office, the idea was that you would be the coach that newberger would be the quarterback on the field and that the danger was that the

coach would get too much into operations. since we are in our first major crisis with the ukraine events, how have you worked to this out and how do you see the role which the commission sketched out for you. obviously, you have to be involved in everything, but you have to be working out the structure from the government as a whole for cyber. tell us a little bit, how does it work in practice? we have now seen it in practice. dir. inglis: that is a great question, thank you for it. i would say that that question is only half as complicated as it needs to be, but the answer

is more settled. there are three roles that come immediately to mind. the analogy we have used in this space over the last nine or 10 months is that i serve as the coach and jenny stood he serves as the in the field quarterback. and newberger retains a special third role. i will describe those in reverse order. think about what the national security council does. necessary to bring about conditions, cyber is no different. it applies military instruments, the financial instruments to bring about the necessary desired positions. that is white and has been leading that engagement with the russians to assist us in

ransomware and so on and so forth. my job is inside cyberspace, not outside cyberspace, to be the coach that ensures that they are properly aligned, that they are inherently complementary and that they add up to something greater. do on the field quarterback is complemented by what the sector risk management agencies do. you well know that the department of homeland security engages broadly a lot of the critical infrastructure sectors, but so does the department of energy, treasury, defense with their respective lanes of expertise. we need to make sure that those are complementary that if you are looking back at the federal government from the private sector, you don't need to make this unholy choice of do i seek

out one of those or do i run the gauntlet figuring out how to peace story together, that the government knows what the government knows. it is slightly more complicated than that. you have to add in the threat response, but my job is to essentially make sense of the whole inside of cyberspace and apply the instruments of power outside of cyberspace. easterly has the resources to deliver the objectives that we have and i mindful that in most sports, the coach is not allowed on the field in the middle of the game, so i'm happy to bask in the reflective glow. david: a question right here. >> casting your eye forward. what do you think of the role of offensive and defensive cyber, the role of these tools as instruments of state power in

international relations. are we going to get to the point where we don't think about there is this cyber thing off to the side, at what point if ever do we think about this as an integrated component of the international system and the exercise of power as part of the integrated tools. i would be grateful for your thoughts. dir. inglis: i think we are there. maybe not in terms of the execution, but i think we are there. i thought 2018 was the inflection point where indicated that congress said, this can be a traditional military activity in the department of defense described it as an instrument of power for which purposes cyber action requires a cyber response. when you say cyber is an instrument of power, that says a lot. it might be the right response

for something that another instrument of power does, but it is not necessarily the right response for a cyber provocation. you have to put it on the field and say it has to earn its place . you have to consider its implications, applications and all of the threat contexts. should the state department have a bureau? i think that is a fantastic idea , so that we can ensure that cyber is properly considered in the statecraft that we would have with various nations. if this does not work in an international arena, i'm hard-pressed to imagine how it could work in a national silo. it won't work on its own in that environment. david: the analogy i have is airpower which took 20 years before people took a look at integrating in. it was by world war ii. dir. inglis: i was born and raised in the air force, so i was an air force academy graduate. i can remember them saying the

reason they took the air force away from the army is at the army considered airpower to be long-range artillery. i think we have left that era in terms of having a similar myopia about cyber. it has broader applications and needs to be considered in a broader context and held accountable to make sure it plays its role appropriately. david: we are running down to the end. there is a question right here. >> thank you so much for your time. my name is jessica and i'm from shift five. i appreciate your call out of the infrastructure bill and the potential opportunities we have with the infusion of resources to tackle not just the physical infrastructure, but the cyber resilience that underpins all of our physical infrastructure. i would be curious to get your particular thoughts on the cyber resilience of our commercial aircraft in the lacking cyber

intrusion detection systems and the liberal he -- inability to monitor aircraft onboard systems from a cyber attack. we talked about the cyber resiliency of aircraft versus our iphones, i think you can agree that there is a disparate cybersecurity method between the two. how does your role and the potential infrastructure bill address that gap of cybersecurity with regards to commercial aircraft? dir. inglis: i will broaden the question a bit to think -- to say i think it cuts to the chase in terms of information systems that run apps, that have general purposes, but does that also apply to operational technology? for too long, we have assumed that because it is physically distinct and it is not

observably well connected to the underlying digital infrastructure that somehow it is safe based on its physical oscillation -- isolation. that is not true anymore. that is the dilemma in the colonial pipeline. we are sometimes using exotic methods. whether that is satellites are all manner of other things. david: it was a company that shut down the operational -- dir. inglis: my sense of the colonial pipeline was that there was an abiding concern that because this thing was known to be on the i.t. side, let's just shut it down. it was a thoughtful decision, but with all sorts of consequences on the psychology of the people who thought they were going to get fuel that day, but that is a whole different story. we need to give equal time and attention to operational

technology. critical functions depend upon that to an even greater degree than they do upon general purpose i.t. we need to stand in and find out what is that that these connections afford transgressors the ability to do? how do we defend that, how do we write to size it to say it's build this resiliently and defended? they are increasingly intermixed in ways we have to think about that. david: the ot side of the council on foreign relations has a strict rule about ending in time. they have a particularly strict rule when there is lunch outside. so, i want to remind everybody who is here that there is lunch out there, if you have joined us virtually you are on your own for lunch. but in 30 minutes, we will begin another symposium.

i wanted to thank you, director inglis, for joining us today. your comments will be on the website for the cfr with a transcript for anybody who needs it at some point in the near future. i hope you will come back. i wish you good luck as you enter into what i suspect is a pretty fraught set of moments as we get into the next fave of the war. dir. inglis: thank you and i >> thank thank you, david. i would say goodoo luck to us. this is a shared collective proposition and i would say anything at the end of the day when he to imagine what thought leadership is required to compel intel, inspire us to each and everyone for participating in our own defense. nothing short of thatin is going to work. no one of usk. can defend all of us so when you did forget how we're going to do this together going forward. >> thank you very much, i think all of you for your great questions. [applause] [inaudiblebl conversations] [inaudible conversations]

[inaudible conversations] [inaudible conversations] >> the city returns today at 3 p.m. eastern. lawmakers will debate several of president biden's federal reserve nominees including lael brainard to serve as vice chair. also lisa cook who if conferring will become the first black woman to serve on the fed board. the house returns tomorrow at two p.m. eastern. later in the week members will vote on legislation to streamline the process for lending and leasing weapons to ukraine. the house may also take a president biden's supplemental request for military aid for ukraine. if it's ready for for action. watch live coverage of the house on c-span, the senate on c-span2, online at c-span.org or with our free video app, c-span now.

>> tonight watch the debate among the democratic candidates running for senate in pennsylvania. live coverage from dickinson college in carlisle, pennsylvania, start at 7 p.m. eastern on c-span, online at c-span.org or watchful coverage on c-span now, our free video app. >> next, the supreme court hears oral argument in george the mcdonough, a case concerning veterans denied disability benefits and the appeals process that follows. under federal law veterans are entitled to benefits for service related injuries or disabilities including pre-existing conditions aggravated during service. this case dates back to 1975 when kevin george was diagnosed with paranoid schizophrenia just months after listing as a marine. he received a medical discharge and filed for disability benefits but was denied. in 1988 congress voted to allow veteran affairs department