Skip to main content

tv   Discussion on Ways to Fight Disinformation  CSPAN  December 10, 2021 6:58am-8:02am EST

6:58 am
6:59 am
>> good afternoon. welcome to the american enterprise institute's wide web event on combating disinformation and information operations in the gray zone. my name is john, a nonresident senior fellow here at a.e.i. where i work or defense acquisition following a long career in the united states army. it's my pleasure to be joined today by dr. paul stockman, former assistant secretary of defense for homeland definance and america's security affairs in the department of defense. and a senior fellow of john -- of the john hopkins university's applied dissics did shall did-physics lab toamplet we are privileged to be joined by my colleague, a.e.i. senior fellow, elizabeth. dr. stockton's service as an assistant second for president obama put him on his current path of support to industry and government to meet emerging challenges and infrastructure
7:00 am
resilience, cybersecurity, and strategy planning. >> now that he's left office he provides strategy advice to major electric utilities, trade associations, and the electrical subsector coordinating council to help them strengthen preparedness against cyber threats. he chairs the grid resilience subcommittee of the department of energy's electricity advisory council, and serves on the
7:01 am
national association of regulatory utility commissioners task force on emergency preparedness. miss elisabeth braw's work focuses on defense against emerging national security challenges, specifically focusing on hybrid and gray zone threats. she published a new book "the defender's dilemma: identifying gray zone aggression." she is a columnist with foreign policy, she writes on national security and the globalized economy, and a member of the national preparedness commission of the u.k. before joining a.e.i., she was a senior research fellow at the royal united services institute for defense and security studies in london, where she founded its modern deterrence project. she has also been an associate fellow at the european leadership network, a senior fellow at the atlantic council, and at a global risk consultancy. she started her career as a journalist and has published
7:02 am
with the economist, foreign affairs, the times of london, and the wall street journal. she is also the author of "god's spies: the cold war espionage campaign in the church." in may of 2021, the congressional research service published a short report on deep fakes, reporting that such forgeries could present a variety of national security challenges in the years to come. while a crs report emphasized the political risks, including eroding public trust and the blackmailing of public officials, deepfakes also forewarned much more urgent, broad, and dangerous challenges for the future security of the united states. in military parlance, deepfakes are in form of deception, and deception is as old as recorded history. today, deception writ large, is
7:03 am
the achilles' heel that poses potential existential threats to the united states and our interests. flailing responses to the cyber attacks that forced the shutdown of the colonial pipeline underscores the importance of deterrence today. in contrast to the inconvenience of the colonial pipeline debacle, if ai systems for the united states military are undermined in the future, the threat could be existential, rendering our nation and allies open to catastrophic attacks. retrofitting fixes will not be an option at the time of attack, particularly if we are engaged in war or are on the verge of conflict. three concepts are useful for grasping the scale, scope, and character of what deception means in the context of military systems. first, americans must confront that information always has been and always will be weaponized by our adversaries. second, the exponential growth
7:04 am
of active and passive deception across all types of data and information that feed our national security systems is mirrored by the rise of disinformation more broadly, targeted at open and free societies. third, creative solutions will be required. fortunately for us, both paul and elisabeth have thought about how the united states should be organized to confront this crisis. paul has written a book on defeating information operations in future crisis and elisabeth has written an outstanding book entitled "the defender's dilemma." before we begin, i want to share some logistical guidance. audience members can submit their questions at any time this afternoon for our panelists to address during the question and answer portion of our program. you can send them to an email account or use a hashtag on twitter. the hashtag is #ioataei.
7:05 am
-- #ioataei the email is listed on the events page, on the aei website as well. the email is listed on the events page, on the a.e.i. website as well. without further delay, i would like to invite dr. stockton to share his opening remarks. dr. stockton: it is an honor to participate in this event. aei has been a source of cutting edge analysis of the threats posed by disinformation and, elisabeth, you and john have both proposed studies. i would like to start with a different cut at the problem. we are familiar with the ongoing chinese and russian campaigns to corrode public faith in democratic governance. there has been less attention to the risk that a severe regional crisis, adversaries will conduct
7:06 am
information operations to coerce our behavior. and above all threaten the u.s. public and senior decisionmakers that unless the united states backs down on the crisis and bails out on our allies, then we'll face catastrophic cyberattacks against the power grid, water systems, and other critical infrastructure on which public health and safety depend. chinese military doctrine and capabilities focus on achieving just these coercive effects. last week, john, you know, the pentagon released its annual review of chinese military developments. let me quote from that report. the people's liberation army seeks to employ digital influence operations, that is overt and covert influence activities conducted through the internet and social media platforms during peacetime and war. elisabeth, this goes to your important analysis of
7:07 am
understanding the dark gray zone, but also hybrid warfare, how from peace time to war, across with the joint staff called the conflict continuum, we can expect information operations to go forward. giving a conflict we should expect china to conduct "psychological warfare" to effect u.s. decision-making using propaganda, deception, threats, and coercion to effect the adversary. the adversary, of course, us. russia has an equivalent doctrine and capabilities to coerce u.s. behavior. today ukraine is facing coercive threats from russia. the deployment of additional russian forces along the border, designed to shape u.s. behavior, vis-à-vis ukraine.
7:08 am
and nuclear-capable russian bombers are flying over belarus airspace near the polish border. ongoing information operations are important, but at any moment -- in the taiwan straits, eastern europe -- we could fall into an edge of war crisis. let's get ready for operations designed to divide the west and discourage us from coming to the aid of those that we need to. the recommendations that elisabeth and john have offered offer a terrific foundation for defeating coercive operations, but much more remains to be done. i look forward to discussing those defensive options, and elisabeth, your ideas on deterrence, in the minutes to come. thank you, john. mr. ferrari: thank you, paul. i would like to now invite elisabeth to say her opening remarks. ms. braw: thank you. if i can add to what paul said,
7:09 am
because he didn't mention it himself, he has written a fantastic study. i think it is the most important study that has been written about electric grid security, primarily electricity, but it may seem like an irrelevant question until we don't have electricity. so, what i would like to talk about is what daily lives looks like for citizens in western democracies. liberal democracies. if we look at the situation in poland last year and lithuania as we speak, there is what is called the migrant crisis, but i would also call it primarily an assault on these countries, these citizens trust in their country's ability to run their countries, because the migrants are simply just a
7:10 am
tool that belarus, specifically lukashenko, has chosen to use to weaken these countries. what he is doing is suggesting the citizens of these countries, and by extension other eu states, that their governments are not capable of fulfilling the requirements of a government, including keeping the borders safe. what does that mean? i remember -- i don't know if anybody else on this call remembers -- on this event remembers the 2014 incident off the coast of stockholm. there was a suspected submarine intrusion and the swedish navy was sent to chase them out. as most of us are not experts in submarine hunts, it is an area where you can easily cede this -- cede disinformation which is exactly what russian media outlets and officials did, by suggesting it was not a submarine at all or that it was a nato submarine, or
7:11 am
the swedish navy had confused a sea animal with the intrusion of a submarine. all of this because we are not submarine experts because we are ordinary citizens was more successful than you might think it would be because it suggested, oh, the swedish navy is not up to the task. what does that mean? were a situation erupted, swedish citizens would not have faith in the armed forces. that is really quite something. it was the mere rumor-spreading campaign. disinformation campaign. the reason it is so successful, i think, even on what you might call a smaller scale, like the submarine hunt, or indeed the so-called migrant crisis on belarus' borders with lithuania and poland, is that today citizens feel empowered to have
7:12 am
opinions about sundry issues that they do not have expertise in. if we think 30 -- certainly 40, 50, 70, 80 years ago, citizens -- yes, they may have had an opinion about what they heard, but they didn't expect their opinion to count because they weren't experts. today, we consume -- we as ordinary citizens consume information that may or may not be correct, because we do not know how to identify disinformation. do not know how to verify the information that comes our way. based on this information, we make up our minds and then be able to broadcast our opinions to the outside world, whether that be our immediate family or especially our contacts on social media. that poses a really fundamental dilemma, i think, to western governments, which is, how do you run a country, especially in
7:13 am
a crisis, when your own citizens may develop opinions based on incorrect information, whether it is their intention or not, but anyway they develop opinions based on incorrect information can be fed by hostile states or can be fed by their friends who may not know better. at any rate, they develop these opinions and they may then form strong public opinion against whatever it is your government is trying to do. that is a challenge in peacetime, but even more of a challenge when conflicts or armed conflicts erupt. i don't have an answer to it, but i do have a potential solution, our education shouldn't stop when we leave high school, when we leave university because technology is advancing so fast, just as we have to keep our driving skills up to date, we should keep our
7:14 am
information skills up to date. for example, i think there is potential for public libraries to have information courses -- information literacy courses. if you attend them and complete them, then you get an information literacy certificate that you can put on your resume and that signals to employers that this potential employee is skilled or is certified to identify what information, what's real information. that skill should not be underestimated in the workplace. we should remember that companies, too, organizations of all kinds are affected by disinformation. it is important not to lose faith, considering the challenges to democracies. these challenges are so immense, but if we draw on the potential of our population to be part of the solution, if they are given the opportunity, i think many
7:15 am
will rise to the occasion. who wants to be ignorant when you can be a well-informed citizen? over to you, john. mr. ferrari: thank you, paul and elisabeth. let's start with some questions. elisabeth, let's start with you. the focus of this panel is on how the united states should be confronting information operations as a subset of gray zone aggressions from foreign adversaries. most prominently including russia and china. in your book, the defenders dilemma, you explain which state actors started undertaking gray zone actions in recent years. why is this the case? and how did covid-19 impact gray zone activity? ms. braw: it's the case because it's an attractive choice. we here in the west, where our vulnerability is in the hot seat, so we communicate to other countries that they should
7:16 am
essentially -- they should exploit our weaknesses. that is inevitable, because we are free and open societies and we are not going to tell our citizens what to say. nevertheless, as a result of the current complete lack of involvement by the population in national security, i think most people don't even realize what they say or do and how they react could have an influence on the country's well-being. people will happily share information because it is fun or entertaining, or juicy. whatever the reason may be. the reason they exploit this opportunity is because it's too good to pass up, right? we don't have the same opportunity with them, because their governments can tell citizens to a much larger extent what to say, what to communicate on social media, and in the case of china, people don't even have
7:17 am
access to some of our favorite social media companies that are based in the west. so it's completely opposite. i think of gray zone aggression as a soup. you can put in whatever ingredients you happen to have available. disinformation seems like a suitable inagreed yent to add to your soup. you add it but doesn't always have to add it. it depends on what you happen to have available. unfortunately, today, in most countries, it's an ingredient that seems -- it is almost like a staple when other countries try to harm us simply because our citizens have so little understanding of national security and their role in it. their negative role in spreading disinformation that can harm the country, but also a profiting role in making sure that the information environment is kept clean. i should say, in the u.s., this is on both sides of the
7:18 am
political spectrum. this notion of alternative facts exists among some people, but among other people on the other side of the political spectrum people talk about my truth, or your truth. how was that? there is one truth. there is even a common basis on which to debate or have a dialogue about opinions, then we are lost. i fear that if it continues the country will become ungovernable, which is in nobody's interest. i think if people knew the effects that they had on the country's security -- in this case, the u.s. security -- they would want to be part of the solution. and if i can just add, it is currently russia and china, because we are such a wide-open field, if another country decided it wished to weaken the
7:19 am
u.s., it could avail itself of this as well, because it is not particularly sophisticated. you don't need particularly sophisticated skills. one of the most powerful rumors spread originated during the cold war was at east germany's rumor that aids originated. it remains in circulation to this day. mr. ferrari: thank you. paul, your research focuses on information operation campaigns as a subset of broader gray zone challenges, which you call a dark gray zone. you also distinguish between i/o campaigns that aim to weaken u.s. institutions and governance and those that might shape u.s. crisis decision-making. what do you mean by the dark gray zone, and why is it important to distinguish between different types of operation -- information operations? are you on mute?
7:20 am
dr. stockton: thank you. let me rewind. i'm going to define the gray zone the same way elisabeth does in her terrific book. defined by the special forces community, gray zone aggression comprises competitive interactions among and within state and nonstate actors that falls between the traditional realm of war and peace. that's the gray zone in which we find ourselves today. but i'm urging we get prepared for the dark gray zone, that is when little green men start pouring across the border from russia into lithuania or latvia, when finally things heat up in the taiwan straits, when there is an elevated risk of warfare between the united states, russia, and china, we know from
7:21 am
social science research that in stressful events -- boston marathon bombing, horrific hurricane events -- americans turn to social media as their primary source of information. well, the bad guys are going to exploit that to the hilt and exploit the tendency of americans to want to stay on social media platforms that are conveying fear mongering divisive content. that is bread-and-butter for them. we need to get ready for a situation in which the american public is looking at social media, china and russia are using that to try to shape u.s. behavior, not only by influencing public perceptions, but by reaching out to everyone in the situation room, in the white house, with personalized messaging in order to shape their views, and above all to threaten the united states with punishment unless we abandon our allies.
7:22 am
we have to get ready for them also to move from the dark gray zone into an initial period of conflict, where they will begin to make good on their threats of disrupting u.s. and -- allied infrastructure, begin conducting demonstrative attacks against u.s. critical infrastructure with social media, portraying vividly -- and maybe with deepfakes -- and warning that more suffering will come, unless the united states caves in to the adversary's demands. mr. ferrari: elisabeth, a question to you, then paul, you can follow in what elisabeth has to answer. what are the examples of the most aggressive i/o operations conducted by either russia or china and their impacts? how seriously is the united states' senior security infrastructure taking the threats of i/o's?
7:23 am
ms. braw: i don't know that it is possible to grade. certainly, i think opinions would vary about the most successful campaign. let me give an example of a recent disinformation campaign that i think was extremely cunning because it exploited people's lack of knowledge about the issue at hand and that was when covid vaccines were first being developed. that seems like a long time ago, but it was last year. we all knew nothing about covid vaccines, just like we all knew nothing about covid until february, 2020. even then people were worried that this vaccine might somehow be harmful, and don't you think that russian media started publishing stories that were
7:24 am
then widely picked up by western media? not copied, but they were mentioned. the disinformation is being spread. but nevertheless, it gained enormous traction. even with negative coverage of it gained enormous traction. this russian disinformation, and, by the way, the same with china, essentially portrayed the vaccines being developed in the west as extremely harmful. not in terms of autism in that vain but it would alter your appearance, things like that. if you read information like that then you are concerned about covid, you are concerned about this new vaccine that will come your way, if you read that is going to alter your appearance you think, quite obviously by using it, it may only gain small traction in the
7:25 am
west, but actually -- and i don't think we need to debate the mask mandates and covid vaccines more widely, maybe, on this panel, but nevertheless it is a huge issue, and if you can only convince a small part of the population to act in the way that is detrimental to the country, then you have done harm to the country. i was interested, paul, in your views on how disinformation about covid vaccines are affecting u.s. armed forces. it is my understanding that they are trying to convince them to get the vaccine. it seems to me that is not time spent on military at hand, but as i said, i do not want to belabor the issue of vaccines, but just to say that it is one
7:26 am
of these issues where, including submarine hunts, where everybody can have an opinion, even as they know nothing about the details of the subject area. dr. stockton: john, i would like to tackle the second part of your question, and that is how seriously the u.s. government is tackling these challenges of disinformation. i think the government is doing a great job now ramping up the protection of the u.s. electoral system against foreign influence. in this last series of elections, showed significant progress. i think more and more we are getting better positioned in the state department and dhs to counter the ongoing coercive campaigns to corrode faith in democratic governments. in the realm of coercive operations in future crises, i see less progress. it's interesting, on the one hand, the u.s. military -- and, john, let me mention the day after veterans day, congratulations on your
7:27 am
distinguished military service and thank you. the u.s. military, as you know, is getting ready for transitioning of u.s. doctrine away from the physical destruction of the enemy's order of battle toward shaping the adversary's behavior and perception, trying to win in the cognitive realm as opposed to annihilation of forces. the u.s. military is transitioning towards this new information form, but i don't see u.s. defensive capabilities getting ready for the risk that adversaries will do onto us as we are preparing to do unto them. and that is crazy, right? given chinese and russian doctrine that i alluded to earlier, it makes no sense to focus only on ongoing coercive -- i'm sorry, ongoing corrosive campaigns and ignore the risk that hybrid warfare techniques, for example, that elisabeth wrote about,
7:28 am
so eloquently, might be adapted to very different circumstances of coercing u.s. behavior. mr. ferrari: yes, thank you. i will pick up on the point on how it is affecting the u.s. military. if we were to say couple of years ago that china or russia could reach into the u.s. military and eliminate 5% of the force overnight, causing the training and widespread readiness levels to go down, that is essentially what is happening with the vaccines and covid. in addition to spending time on it, the cost of separating people and the readiness levels lost and the skills lost will impact for years to come. elisabeth -- paul, you first and then elisabeth. we have recently seen the u.s. congress has had facebook hearings on their algorithms and how they amplify, perhaps, different messages.
7:29 am
given the blended nature of gray zone aggression and its impact on the private sector, to what degree should the u.s. government be offering support or punishment to industry partners to defeat coercive information campaigns and other forms of gray zone warfare? paul, you first. dr. stockton: we absolutely need to strengthen partnerships between the u.s. government and facebook and other social media platforms and operators. because in a crisis we know what is coming. we need those social media partners to block coercive messaging against the united states. john, i believe a template exists to borrow from. that is the ability of these platforms to filter and block child pornography and sexual exploitation of children. there are some models about how to clearly define what needs to
7:30 am
be blocked and then develop the ggb's to do so. we need to make progress with facebook but we also need to understand that many of these platforms have business plans that depend on conveying divisive, frightening content. that keeps americans on their platforms longer, so they will click and purchase more stuff, right? there is a fundamental, underlying conflict here that we need to resolve, because their participation in defending the united states from coercion will be absolutely vital. mr. ferrari: thank you. elisabeth, the united states had a pandemic plan before the pandemic, and that did not turn out too well. we have templates and plans. what do you suggest, giving this blended nature that the u.s. government will use to make sure it is something more than just a plan going forward?
7:31 am
ms. braw: yeah. in disinformation, how do you make sure it's not just a plan? i think as paul said, it starts by working with the companies. to date social media companies, and tomorrow they may be more additional companies. we should remember that even social media is changing quickly. it occurs to me that this is an area where the u.s., like every western country, has changed since the cold war. during the cold war it would have been possible for the government to go to ceo's and say, please do this, or please do that. we cannot force you, but you should do it because you are good citizens. captains of industry took great pride in the role their companies played in america and respectfully in other countries. now we have an environment, or a
7:32 am
generation of ceos, who not feel that responsibility. it may be because of the reporting requirements have changed, or company performance to shareholders. those reporting requirements have changed, so every ceo is the slave of quarterly reports. whatever the reason is, i don't think ceo's feel the same responsibility for doing the right thing for the country. as we know, mark zuckerberg has said many times that it is company over country. short of legislating and -- i don't know if even the best plan would be possible without legislative requirements for companies to participate. but nevertheless, even if we do not have legislation, a plan should involve regular
7:33 am
consultation with leaders of crucial companies, including -- especially in social media sector -- when it comes to disinformation. maybe it is a naïve hope, if i think if they were made to realize -- not through aggressive questioning by congress, through regular dialogue with the u.s. government, the immense role they can play, currently a negative role, but potentially positive role they can play in keeping the country safe, i hope they would at least take some of that into account. but i must say, i'm not too optimistic. i would be curious to hear paul's view on that. dr. stockton: i am optimistic, because it is so important we make progress. it is essential. the federal government can never
7:34 am
block objectionable messaging. there have been repeated supreme court rulings to that effect. last thing we want to do is throughout the constitution and our respect for the first amendment in an effort to defeat coercive messaging. we need social media companies to partner with the government to block this kind of messaging and narrowly define what constitutes coercive messaging. that is threats of punishment of united states citizens. understand what that is, then develop the algorithms and supporting technologies needed to defeat that. narrowly focus at, let's have it as a just break glass initiative. on a day-to-day basis these wouldn't be used, but when there is an intense crisis, over ukraine or whatever the crisis, then we would have something to fall back on. we would have some operational capabilities. above all, let's exercise those capabilities, because they are not real unless you exercise them first.
7:35 am
mr. ferrari: one of the points made by the proponents of information operations in russia, and in china is that there is no time period between war and peace. we live in this constant gray zone, and both of you have made this point. first off, how would you exercise in case of emergency break glass, when really we are in this constant fight? second, to elisabeth's point on these c.e.o.'s of a lot of these large tech companies, i believe a lot of them view their role as global in nature. if you look at facebook and microsoft and amazon and twitter and instagram, they are global firms and they are reacting to input and stimulus of disinformation from around the world. how do we avoid this gray zone warfare not just in the united states -- because it is one thing for the united states have a plan which may or may not work
7:36 am
-- but also different countries have different rules, so how do we look at this globally? paul, why don't you go first? dr. stockton: it is a great question, john. looking at the ongoing efforts of russia to weaken nato and to divide nato partners so that when a crisis comes we will be less likely to be able to operate under article 5, agreed that collective defense is needed, they are going to find a weak link in the alliance in order to delay and disrupt that decision-making, just as i believe they did so in slowing the western response to russia's invasion of oou crane and seizure of -- ukraine and seizure of crimea. i would like to take your point a step further. right now we are at risk of creating two silos of excellence. over here we have preparedness
7:37 am
for information operations. over here we have cyber -- we have improvements to cyber resilience for the electric power grid and other infrastructure. the bad guys are going to combine attacks. they are going to use information operations together with cyber attacks in order to coerce our behavior. john, we need an integrated defensive strategy that brings together traditional notions of cyber resilience together with defeat against information operations. and we need to do it with our partners. mr. ferrari: elisabeth, any comments? ms. braw: maybe just a useful case study. the efp in the baltic states, it -- after they had been left there for a while, it became obvious they were being targeted by disinformation and it was particularly -- it was directed particularly against the germans
7:38 am
in lithuania where russian media and anonymous accounts spread falsehoods about these soldiers engaging in neo-nazi activities, and really shameful suggestions that were being made. of course, we know that germany is very vulnerable to such accusations. this disinformation presented as information was completely inaccurate. what it did do was make completely obvious to even the lowliest soldier who is there that everybody has a role to play in defeating disinformation. you might think -- and, john, you are clearly the expert here -- one might think that the lowly soldier does not count. in this instance everybody counts.
7:39 am
commanders made clear to their soldiers that they needed to be really careful when they were out and about in these countries, and for example there was a story circulating about italian troops in latvia buying lots of alcohol. that, too, was incorrect. if you happen to be an italian soldier, you are going to have a nice evening and go out and buy some alcohol, well, you are not safe from that being turned into disinformation. the lesson learned, and i think all of these countries contributing troops have learned this lesson, is that everybody has a role to play. mr. ferrari: thank you. paul, let's pivot a little bit away from information operations to cyber attacks. they can be a combination of attacking the internet of things or ransomware in general, right? what are your thoughts in looking at the colonial pipeline
7:40 am
on how the install base of the internet of things has come together and how do we harden ourselves to make ourselves more resilient going forward? dr. stockton: colonial pipeline was an important wake-up call. i think ransomware is going to intensify the threat, because so much terrific ransomware is available on the dark web, and essentially off-the-shelf. i think that as we simultaneously strengthen our resilience against those day-to-day kinds of attacks, we also need to think about much more serious threats to come. john, again, because of your military expertise a lot of focus on one particular issue. that is, when the balloon goes up in the taiwan straits or the
7:41 am
baltics and we need to send army officers and soldiers from fort hood to the u.s. east coast ports, and then onto where they are going to be received and provide for forward movement, every step of that infrastructure might come under attack -- cyberattack -- by our adversaries as we are trying to deploy those forces, paired with information operations designed to tell the american people, you cannot win, you are going to lose, you are going to be punished. look at the disruption that is happening to u.s. transportation operations. you are doomed to fail. let's have a reasonable settlement to this conflict over the baltics. we need to understand how cyber attacks fit into u.s. military plans to prevail in regional conflict, and how adversaries will use information operations in order to encourage the united states to bail on its allies.
7:42 am
mr. ferrari: thanks, paul. great points. elisabeth, what about deterrence in general for both the harder side of cyber attacks first, and then perhaps the softer side of i/o? ms. braw: here, again, is where the wider public can play such a crucial role. and go from being a burden to being an asset. at the moment the public as a burden because governments are too afraid to articulate to the public that something dangerous could come their way. as a result we get situations like colonial, where people panicked because they were not prepared. they panicked and made the situation much worse. i also think that, in a sense, this is an opportunity for us to think differently about members of our fight who are overlooked and taken for granted.
7:43 am
colonial in particular highlighted that. it was highlighted by the ceo himself when he gave evidence to the senate. i remember specifically josh hawley asked, was there anything -- well, could you have switched to manual? the ceo said, well, we were lucky we had some capabilities and we were able to do something along those lines. but the more important point he raised was that neither colonial nor other companies today have the expertise to go fully manual in case of a cyberattack of various kinds, because the people who have those skills, as the c.e.o. said in the senate hearing, they are either retired or dead. i think, let's utilize the ones who are still among us and how about if companies went out and
7:44 am
found -- still have their names on their employee rolls -- they brought them back in as a force of contingency experts who would be able to take over in case of a cyberattack and switch operations that can be switched to manual, to the extent the equipment still has that manual switch. there would be able to operate that equipment and keep operations going, so that the company did not face the horrible choice of paying or going dark. they had a couple of older employees who knew how to operate manually and essentially with pen and paper they ran the company. mr. ferrari: thanks. one of the great things about the panel today is, elisabeth,
7:45 am
your focus on the defender's dilemma on deterring the aggression, and paul's in defeating coercive information go well together. we had a couple of questions from the audience. the first is -- and we will let, paul, if you want to go first, and then elisabeth. we talked about russia and china a lot. do you see rogue states, nonstate actors and smaller countries unfriendly to the u.s. or its allies rapidly improving their ability to conduct larger and effective i/o operations, essentially giving them what one might call superpowers to conduct warfare? paul? dr. stockton: you bet. the pace of technology now, the availability of deepfake capabilities, for example, is turning smaller states into very formidable adversaries. i think there is a level of analysis required here. the borrowing from the saintess
7:46 am
curtis lemay -- it is tempting to think, we can take care of the cats, we can take care of the kittens. that is we can counter china and russia, we can handle rogue states, but they may attack us in very different ways. prime example, countries like north korea and syria that are not part of the international financial system in a way that involves the united states, they may target the u.s. financial system, financial infrastructure, and use combined cyber attacks and information operations to create market panics and disruptive psychological effects, as well as physical effects, because they do not depend on the u.s. economy for their well-being in a way that is different for china. mr. ferrari: elisabeth, your thoughts. ms. braw: that was a very good example.
7:47 am
in a sense america has been spoiled over at least 75 years by its formidable armed forces. i think of national security as a combined shield. you have the armed forces, but behind that you have this softer part. that is where i think america has been a little bit complacent, because if you have the formidable part, why do you need to worry about the softer part behind it? it is a combined shield. what if the attack is not directed against the steely part? that is clearly something the smaller countries can exploit. and are exploiting it, as paul said. i mean, belarus is a country of less than 10 million residents. it has a terrible economy. it does not have very much. it has a friend in russia, you cannot always count on your one friend.
7:48 am
nevertheless, belarus is managing to cause alarm across the west. and spreading disinformation is extremely easy because, again, our citizens are not aware of the negative role they are playing in spreading falsehoods, but also the positive role they could play to keep the country safe. and then, if we think of other forms of attack, i think the incentive for now, especially following what -- following belarus' relative success in keeping the world on pins and needles, is that other countries with authoritarian rulers, they may experiment, we are going to cook up a gray zone soup. what's the harm? it didn't cost very much. mr. ferrari: i think america has been spoiled for almost 250 years, since its founding, right? we have two oceans on the east
7:49 am
and west and friendly nations to the north and south. until the 1960's there was no real threat that could attack the homeland. then in the 1950's forward it was the nuclear weapons of the soviet union, and more recently china. those were the threats. now any country, any person, any 12th grader sitting in a basement with these cyber weapons can actually target and hit our country. we have talked a lot about structuring. there is a question about organizing for battle. the question is, talked about forming a better integrated strategy defense against disinformation operations. what do you both think about how this requires a structural or organizational change, be it via nato, or american organizations? or is this a problem of how we do information sharing and coordination? so, are we organized for battle correctly? elisabeth, you first.
7:50 am
ms. braw: given an example of something i think would work very well as being pioneered by the czech republic. the flipside of what we are talking about, smaller countries being able to harm america and other powerful countries because they're using the gray zone so easy, the flipside is that america's smaller allies are also much more adept at innovating in the gray zone. simply because they don't have the resources, and the armed forces, to rely on at any given moment. the czech republic is pioneering something that i think is a great concept and that's the joint military gray zone exercises where they wargame with key companies in every sector, various contingencies. that has a psychological effect that the private sector in the czech republic feels, at least
7:51 am
moderately prepared, for whatever come the czech republic's way. for the armed forces as well. it gives the armed forces opportunities to exercise scenarios other than conventional military ones with actors they would need to work with in the gray zone crisis. i think that's something that the u.s. could learn from and that's, of course, the advantage of having allies. you don't have to always do everything yourself. you can learn from one another and adopt and adapt. mr. ferrari: paul, organizing for battle? dr. stockton: i think that nato has a robust organizational structure now, though i am not sure the article 5 decision-making structures are adequate for these kinds of combined operations. i say the bigger problem, john, i'd be interested in your thoughts, is we snead a concept of -- is we need a concept of
7:52 am
operations and we need playbooks, preplanned, ready to go, and exercised so that when, for example, china, as the pentagon described its doctrine -- conducts exemplary cyber attacks then uses information operations to incite public panic and disorder to magnify the psychological effects of those very limited attacks, what have we got in our playbooks? let's not be making this stuff up in the midst of a coercive campaign. let's exercise, let's anticipate, let's build new coalition defense operations not only in nato, but with our partners who are going to be essential for countering chinese aggression. and regional contingencies. mr. ferrari: paul, if i could pull on the string of your previous job with the department of defense and department of energy, what about organizing within the united states? you know that the military is either prohibited or does not
7:53 am
want to operate within the borders of the united states. yet the attacks are coming from external. how do we organize private industry, state and local government, the federal government, and the military to either pardon ourselves and deter it, but also to defeat these i/o and cyber threats internally to the united states? dr. stockton: the first step is to develop an assessment of the threat. our discussion today only begins to assess what is coming. without a threat assessment we are stuck in the mud. then i think we need to agree on some fundamental principles here. above all, uphold the constitution of the united states as we build defenses. against coercive information operations. and let's not get dod into the business of homeland defense against information operations. the department of defense is already busy with its existing portfolio. there are sensible constraints on the operations of the
7:54 am
department at home. let's turn to the department of homeland security, the federal bureau of investigations, other lead agencieses. let's make sure that they can effectively partner with the private sector in their existing portfolios of responsibilities, to build the kinds of defenses we don't yet have against coercive i/o's and combined attacks. mr. ferrari: we have about five minutes left. i would like to throw one question out for each of you to address. in a about a minute each. and then i'll turn it back over to you for closing comments, each of you. have talked a lot about i/o and attacks against people and information warfare. what about -- as the military develops more ai systems, how do we protect the ai systems from being deceived? elisabeth, you first. ms. braw: that is a tricky one.
7:55 am
if i could make a related point, again, every single one of us has such an important role to play in realizing the data we leave behind, or data trails we leave as part of our daily lives. it is not specifically an answer to this question, but it opens a new front for those who wish us harm. for example, think about that fitbit technology that was, until a couple of years ago, popular among american soldiers. the only reason we know it was popular among american soldiers is that somebody on t internet managed to figure out, using the company's usage worldwide, that it was being used in various deserts in iraq and who goes jogging in those
7:56 am
deserts or remote areas in iraq. well, that's how you knew that's where american soldiers were. if you think about the use of ai and how exponentially it is going to be part of our lives -- first of all, it is an opportunity for others to learn much more about us, either as collective groups of citizens and our practices, or as individuals. i will leave paul to address the deception of ai. we don't do deception at aei. again, it really comes down to everybody understanding that they may just feel like an insignificant person or cog in the wheel, but their data trail could be exploited by somebody wishing us ill. then if i may just make one more
7:57 am
point, so, speed is of the essence. that much is clear when it comes to disinformation operations and cyber operations. it seems to me that one of our biggest vulnerabilities is that we need a lot of time to conclusively establish what is behind the cyberattack or cyber intrusion, or disinformation campaign, and then a lot of time goes by. by the time we have established beyond a reasonable doubt that such and such government was behind and it's almost too late to do anything. i wish we could establish protocols that would allow us to act even without reaching the level of certainty beyond reasonable doubt. i wonder if we have to part with that self-imposed requirement? mr. ferrari: thank you. we are approaching the end of our time. paul, you can answer the ai
7:58 am
question quickly, then i also need concluding comments. elisabeth, we'll come back to you for concluding comment. dr. stockton: as china utilizes artificial intelligence to increase the speed and effectiveness with which you conduct i/o's and cyber attacks against critical infrastructure, we are going to need to develop ai defensive plans and capabilities to match their machine speed operations. and therefore, as we build those defenses, they will be prime targets for adversary subversion, manipulation of the data on which our a.i. defenses depend. everything else that is going to be essential going forward. so i urge a.e.i. to conduct a follow-on event on that very subject. mr. ferrari: elisabeth, any final comments? ms. braw: congratulations to our founders.
7:59 am
if i could just maybe hopefully give you a window into the future. companies are having digital friends, essentially robots you can have your house. you can talk to them. they talk about. lovely, since many of us live alone. how is that for an a.i. target? the amount of information our digital friends would have about us and also how those digital friends can be manipulated by somebody wishing us ill, that is a conversation for the next panel. host: thank you. this has been an honor to have both paul and elisabeth on. the work you have done for defeating misinformation is powerful and also very timely. as you know, i would also like to thank -- none of this happens with a lot of support. aei in general, and the staff
8:00 am
behind the scenes that helped put this together. from myself, paul, and elizabeth, thank you. until we meet again, thank you very much for everybody who
8:01 am

19 Views

info Stream Only

Uploaded by TV Archive on