Preet Bharara: Hey, folks. I hope you find this conversation between Lisa and Ken valuable. As always, write to us with your questions and comments at [email protected]
Ken Wainstein: From CAFE, this is United Security. I’m Ken Wainstein.
Lisa Monaco: And I’m Lisa Monaco.
Ken Wainstein: Hi, Lisa Monaco. How are you?
Lisa Monaco: Hey, Ken. I’m doing great. How are you doing?
Ken Wainstein: COVID lockdown treating you okay?
Lisa Monaco: Oh, yeah. I’m surviving. How about you?
Ken Wainstein: I’m okay. Enjoying the flip-flops, and t-shirt garb, and no shaving, so it has its advantages, but looking forward to someday getting back out in the stream of life.
Lisa Monaco: Yeah. Well, last time we were on one of our Zoom calls, Ken, I noticed that you’ve got a serious beard going on there. I have to say it was a little more gray than I thought it would be.
Ken Wainstein: That’s being charitable. It’s funny. I last grew one 25 years ago, and it was flaming red. Something happened to the flaming red over the last 25 years. Funny how that happens.
Lisa Monaco: Interesting. Well, we’ve got tons to talk about. It’s been a jam-packed couple of weeks since we last spoke. This week’s episode of United Security we’ve got lots of actually cyber security and national security issues to discuss. We’re going to cover the recent Twitter hack, and the indictments that just came down this week against Chinese nationals for hacking a bunch of companies around the world, going to talk about recent reporting about an executive order that is classified, but was reported on by Yahoo News about some new covert action authorities that it says President Trump granted to the CIA in the cyber realm. We got to talk, Ken, about what the heck is going on between US and China. I mean, this tit for tat keeps escalating. So, lots to cover.
Ken Wainstein: Lots to cover. Let’s start with the Twitter hack. Recent news that Twitter got hacked and some luminaries, Elon Musk, Barack Obama, Joe Biden-
Lisa Monaco: I love how you put Elon Musk ahead of Barack Obama and Joe Biden. I’m sure he’d appreciate that.
Ken Wainstein: Yeah. Well, I could have started with Kanye West.
Lisa Monaco: Exactly.
Ken Wainstein: But they all apparently got their accounts hacked, and there were fake solicitations for Bitcoin to be contributed. Some people actually did contribute Bitcoin. It looks like it was a scam and it was designed to scam people of their Bitcoin. It was not apparently, at least as the experts currently see it, not an action of a state actor, but still a pretty brazen crime and something that caught a lot of people’s attention, in large part because of how important Twitter is to our daily lives these days.
Lisa Monaco: Yeah. You know, my reaction, Ken, was it’s kind of ominous. Right? I mean, we joke a little bit that it was a Bitcoin scam involving Kanye West, Elon Musk, and the like, but when you think about it, if somebody can take over the accounts of these high profile people and you think about the amount of news that we get from Twitter, what we rely on it for in terms of everything from news alerts to serious weather warnings, if these accounts can be taken over for this purpose, a seemingly relatively benign purpose, although it did I think end up scamming out $120,000 worth of purported Bitcoin, but what happens if on election day a nation state actor or other malicious actors were able to take over these accounts?
Ken Wainstein: Yes. It’s downright scary. These are the most protected accounts there are.
Lisa Monaco: They’re supposed to be.
Ken Wainstein: Yeah. And they still got penetrated. I think your point is well taken. Look, Twitter is now a facet of life. It is the main medium of communication at least by this president. It’s actually been declared by a federal court as being a repository or a source of official records, because it is the way a lot of presidential statements are conveyed to the American people. It plays an important and an official role in our society and in our political life. To your point about the elections … and we have to be thinking about the elections. They’re right around the corner. I mean, it doesn’t take a lot of imagination to think that if people were able to do this, and it sounds like this was just some fraudsters, think about what a nation state bent on trying to disrupt our election what they could do.
Ken Wainstein: They could on the day of or on the day before the election send out messages that one of the candidates has withdrawn from the election or something crazy like that. Obviously it would be quickly disproved, but it would disrupt things, get people hesitating to go to the polls. Or they could announce that there was an outbreak of coronavirus in a particular area, maybe in a battleground state, to try to suppress voter turnout. I mean, all sorts of things you could think of that could and might well be done around the time of the election that could have really damaging impact on the integrity of the vote.
Lisa Monaco: I’ll tell you, in 2016, in the lead up to the presidential election, when I was in the White House serving as homeland security advisor, we were concerned about not necessarily a hack of Twitter, although you can argue it should have been on our radar screen. We obviously were focused very much on the ability of at that time Russia to sow discord and confusion about the election, and we were very worried about this type of disinformation and sowing chaos around getting to the polls and the like. I think this Twitter hack really makes you reconsider and should be making you, as officials, reconsider how should we be thinking about Twitter as a vector of attack and as a piece of critical infrastructure? Right? We historically think of critical infrastructure as the energy grid, the electricity grid, the water systems, the financial systems. Well, given the parade of horribles that we were just talking about, what does it mean for Twitter potentially to be considered critical infrastructure?
Ken Wainstein: Yeah. It is privately owned. It’s not going to be under government control, yet it plays a quasi-governmental function because of the way it’s used by our political leaders. So, I can see serious concerns as we head into the election. It’s not only doing what Twitter says they’re doing, which is trying to remediate whatever vulnerability allowed this scam to take place, but it’s also educating the American people. This is the most difficult thing about disinformation campaigns. How do you prepare the American people to somehow identify or weed out disinformation from real information? Very difficult to do, especially if you’re looking at a compressed period of time around an election.
Ken Wainstein: I think the government has done some of this, the federal government, but we really need to focus on just conditioning people to be ready for this kind of thing. Needless to say, since 2016, we’ve seen repeated instances of the kind of thing that we saw in the run up to the 2016 election. There’s no mystery that the Russians and others have been continuing to do this kind of malign activity and will continue to do it, everything from the intelligence community assessment in early 2017 that laid out what the Russians did in the 2016 election through the Mueller report, through the Mueller indictment, so the Russians who were responsible for a lot of that activity, through the most recent report of the British.
Ken Wainstein: You saw the British had a report come out, a kind of damning report of their own government and its inability to confront the threat of Russian meddling in their elections, which has then given rise to speculation about whether the Russians had a role in disrupting the Brexit election and the Scottish independence election, two very divisive elections, that if you look at it from the Russians’ perspective, they would have loved the opportunity to fan the flames in those two situations or to divide the British people. Anyway, that just came out recently, and it is sounding alarm bells for the UK system, but those alarm bells apply to us as well.
Lisa Monaco: You know, we’re talking about this latest Twitter hack, but this is just the latest example of what we’re seeing in terms of our systems and how they can be vulnerable. I was reminded, Ken, that we’re so focused on the headlines these days, and it seems like you can’t open up the newspaper without seeing a new report of a new cyber vulnerability, a new hack, whether it’s the theft of credit card information or the theft from the Office of Personnel Management years ago from the federal government, basically the hack of the US government’s HR Department.
Ken Wainstein: Got your information and my information.
Lisa Monaco: Yes. Many times over. But this issue is not new. Right? I was reminded that 20 years ago-
Ken Wainstein: When you were 10 years old?
Lisa Monaco: Yeah. Nice. Check’s in the mail for that little compliment. Yeah. This is not new. 20 years ago, President Clinton was president, I was reminded. I was a young staffer, relatively young staffer for Janet Reno when she was attorney general, and we were wrestling with headlines at the time of denial of service attacks. This was the first time this had really seized people’s attention. This was in 2000. We were fresh off having kind of made it through the Y2K fears that the whole infrastructure was going to crumble, because of the Y2K concerns. You will remember this, Ken, because you’re a little bit older than me. These were these attacks on at the time these kind of relatively new companies, Yahoo, Amazon, eBay, and they had experienced these denial of service attacks flooding their websites with traffic, such that they kind of ground to a halt. It turned out that the person responsible was a 14 year old sitting in his house in Canada going by the name Mafia Boy, but this was a major, major event.
Lisa Monaco: It prompted congressional hearings, big initiatives, and it prompted a meeting in the cabinet room that President Clinton convened all these tech titans and internet executives to discuss what we were going to do about this vulnerability of this relatively new thing called the World Wide Web. When we were preparing for this episode, Ken, I came across stories about this, and I was reminded that I was actually in that meeting. I remember going to that meeting in the cabinet room. I think it was the first time I’d ever been in there as kind of staffing Janet Reno for this meeting. In looking at the articles about this, I stumbled upon one of a picture of the meeting, and I saw myself sitting behind Janet Reno. I felt like I was having a Forrest Gump moment. That was a little trip down Memory Lane.
Ken Wainstein: That’s great. Yeah. That meeting, as I recall, it triggered some action, requests for funding in the cyber security area. It really got people’s attention, the hack and then that President Clinton convened that meeting.
Bill Clinton: The trick is going to be how to do what needs to be done on security and privacy and still keep it flourishing and growing, but we ought to approach this with determination, and we shouldn’t be surprised that these things have happened. It’s just a replay of what has always happened. Whenever there’s a new way of communicating, a new way of making money throughout human society, there’s always going to be somebody that tries to take advantage of it.
Speaker 5: Mr. President.
Bill Clinton: We’ll figure out how to deal with it and go on.
Ken Wainstein: I know there were a number of sort of organizational efforts by the federal government to deal with the issue in a way that it hadn’t been dealt with before, but despite your presence at that meeting, you didn’t solve the problem, and the problem continued.
Lisa Monaco: Yeah. Hardly. Hardly.
Ken Wainstein: Then we picked it up when we came in in 2001 with President Bush. Look, it’s just sort of trying to map out the evolution of our cyber defenses, when you realize that the government started to get serious around the time of the Mafia Boy hack. Then you go into the 00s, and I think you look back at that period and the federal government wasn’t quick enough and agile enough to deal with the cyber threat that was evolving before our eyes. A number of reasons for that.
Ken Wainstein: One I think was 9/11 of course happened in 2001, and so the focus was on all things terrorism. That was just at the time that the Mafia Boy hack it was clear that that was not an isolated incident. That was just sort of a harbinger of things to come, and also just as you know all too well, and our friends like John Carlin, who is a cyber expert know all too well, dealing with cyber at the federal level is very difficult, because it has aspects of so many different agencies and operations, and it requires so much concern about privacy that it’s very difficult to come up with silver bullets to deal with cyber threats.
Ken Wainstein: As you sort of look through the 00s, we probably didn’t get as far as we should have on the cyber front, and we remain vulnerable, and vulnerable to a number of actors, not only hackers like Mafia Boy and scammers like the people who did the Twitter hack, but also nation states. Obviously, one of the biggest threats is from China, and it has been that way for decades.
Lisa Monaco: Yeah. We should talk about the indictments that came down just two days ago against these Chinese hackers. Before we do though, let me give you one more fun fact, Ken, as I was taking my trip down Memory Lane about this Mafia Boy hack. Do you know who was one of the lead prosecutors focusing on prosecuting that Mafia Boy case?
Ken Wainstein: No idea. Who was it?
Lisa Monaco: It was a US attorney in San Francisco, who was at the time a guy named Robert Mueller.
Ken Wainstein: I’ll be darned.
Lisa Monaco: Yeah. See there? I stumped you.
Ken Wainstein: You got me. Okay. I will say this. If there was one sort of voice in the wilderness who was trying to focus on cyber issues in the early 00s, it was Bob Mueller.
Lisa Monaco: No. That’s true. That’s true. He was very focused on it early on, but fast forward. As we’ve kind of painfully observed, the Clinton administration, and the Bush administration, and the Obama administration did not crack the code on this, and the threat here only has escalated. That was pretty evident just in the last couple of days, when we saw these indictments come down against two Chinese hackers for hacking into the systems of literally hundreds of companies, governments, defense contractors, non-profits, activists in the United States, in Hong Kong, in a dozen other countries around the world. I mean, this is really yet another example of Chinese efforts to go after intellectual property, but it’s just an example of the threat we’ve been talking about. We should kind of unpack what’s going on in those indictments.
Lisa Monaco: I read that indictment as a former prosecutor, as I’m sure you did, Ken. There were a few things really I think to take away from it. From my perspective, what was striking about the indictment is … First of all, we should tell people. This was an indictment of two Chinese hackers. They’re in their 30s, according to the indictment. These are guys who were working both for themselves, I think to make a little money on the side, but also, according to the indictment, being used and deployed basically by the Chinese Ministry of State Security, so their intelligence service. They’re both kind of moonlighting and being used by the Chinese intelligence services. They were going after high tech information from companies, ranging from defense contractors, going after military satellite technology, to software, gaming code, to most recently probing biotech companies for research related to the COVID vaccine and COVID treatments, so a wide ranging effort and campaign to go after intellectual property, as well as going after dissidents, too, according to the indictment, in Hong Kong.
Lisa Monaco: This was a 10 year long campaign, according to the indictment, where they were seeking intellectual property, again, for their own gain, as well as for the benefit of the Chinese state. Really kind of a stunning piece of work by the prosecutors in this case, brought by the division that you and I both used to run at different points in our careers. Really an interesting kind of presentation, both about the breadth of the campaign, about the tactics that these hackers were using, kind of hiding their files, so that the administrators of these systems in these companies and elsewhere couldn’t see what they were doing. Really just an impressive piece of work, but also a real stunning show that the Chinese are very much still at this.
Ken Wainstein: Yeah. Absolutely. This is trademark Chinese economic espionage. For decades, they’ve made a policy of trying to hoover up everything they could possibly get ahold of. This is a good example of it. They got this operation. It’s a, as I think the prosecutors called it, a blended operation, as you said, that involves both straight out hacking for commercial benefit, as well as use of these hacking tools and operations for their, quote unquote, national security purposes, like identifying dissidents in Hong Kong and the like. They’re proceeding sort of on both paths using the same tools. It is astonishing the diversity of targets.
Ken Wainstein: A couple of things about that I think are important to note. As you mentioned, and as was highlighted, both in the reporting about this indictment and also in the preceding warning that was issued by the FBI and DHS, that the Chinese and others, including the Russians, are specifically targeting COVID research and health organizations that are doing research to try to come up with a COVID vaccine.
Lisa Monaco: Ken, I was really struck by that. I’m glad you mentioned that warning. That came out in May. Right? Just a few months ago. Do you think that …? And that was put out, as you said, by FBI and DHS. Do you think that that was basically those agencies trying to put out the information from this indictment before they were ready to unveil this indictment?
Ken Wainstein: [inaudible] It might well have been. I could see the calculation. You’re not giving anything up by disclosing it. As you know, there’s always this push and pull in the intelligence community and the national security interagency process between what should remain secret for purposes of building an investigation, but what also should be disclosed to the public in order to warn them, and prepare them, and make the public, or in this case industry, less vulnerable. In this case, my read of it is that they said, “Look. We got to get the word out. We’re seeing that the Russians and the Chinese are targeting COVID research. We got to let the pharmaceutical industry know that.” Look, it’s not surprising that they would do that. There’s nothing more valuable right now than a COVID vaccine. Every country would love to be the country that has control of that vaccine, both for its own people’s health, but also because it would be a financial boon. It’s not surprising that they would target that research.
Ken Wainstein: What is surprising though is that it sort of violates a norm of international conduct. This harks back to … Go out of the cyber space area, into the sort of traditional war space. The Geneva Conventions and just rules of war dictate that you don’t bomb each other’s field hospitals. You don’t kill each other’s medics unnecessarily. You don’t target facilities that have a red cross on them. By the same token, you would think that, I put this in air quotes, but responsible cyber actors who are looking to conduct economic espionage like this wouldn’t target operations that are trying to find a vaccine and save millions of lives around the globe, because of the disruption that those penetrations are going to cause to those operations.
Ken Wainstein: Every day that there might be a delay to the discovery of a COVID-19 vaccine, because they have to step back from their work to try to protect their systems, every day that’s lost is more lives that are lost. It does seem particularly appalling that there are reports that the Russians are doing this as well, but that the Russians and Chinese have targeted COVID-19 research. While we don’t know what they’ve gotten, we don’t know the extent to which those penetration efforts have actually hindered the vaccine, the prospect that it might is really pretty shocking.
Lisa Monaco: Yeah. It looks like from this indictment that we’ve been talking about that just came out a day or two ago, it looks like what they’re alleging in the indictment is that these hackers were probing or doing reconnaissance on these pharmaceutical companies that are doing this research, but at least by my read didn’t indicate that they’d been able to disrupt that or steal that research, but you’re quite right. This is kind of a frontier of competition, too. Whoever the country is that is the first to get to a vaccine or a useful treatment, that’s a big, both economic and reputation, boon. We know that China is trying to frankly make up for, kind of put a new PR spin on its original and frankly continuing lack of transparency about the coronavirus and its origins with doing a bit of its own PR campaign by providing aid or making a big show of providing PPE and other things to other countries. They’re looking for every angle to try and show that they’re a leader in this space. That’s going to include trying to steal other companies’ research.
Lisa Monaco: I think, Ken, we should kind of step back here and try and place this week’s indictment in context. It’s not the first time that the US government has leveled charges at nation state hackers, and it is a continuing … This is just the latest salvo in a continuing campaign by the US government to try and call out and name and shame, as it were, nation state hackers. There’s been a big debate about what’s the utility of that and kind of what are we getting for it? Right? How much benefit are these types of indictments yielding? I mentioned the National Security Division that brought this indictment, along with prosecutors in Washington State, who did the investigation, the FBI agents I should point out, the FBI agents and prosecutors in Washington State working with the National Security Division.
Lisa Monaco: This is a continuing campaign by the US government to engage in what they call kind of a China deterrence strategy, but it has its origins in, several years ago, another case, the first one that was ever brought against five members of the Chinese PLA, the People’s Liberation Army, for economic espionage against a number of companies. The investigation was started when I was the head of the National Security Division, and ultimately the indictment was brought and made public in 2014 and made big headlines, including wanted posters of these Chinese hackers, these members of the PLA in their uniforms.
Lisa Monaco: It was a big deal, because it was the first time the US government had named these hackers who were working on behalf of the Chinese government, directed by the Chinese government to conduct this espionage for economic gain and advancement on behalf of the Chinese government. But it really did prompt a debate about how useful it is in terms of deterrence to bring these types of indictments, because you and I are both former prosecutors, Ken. What do you think the likelihood is of getting these guys who just were indicted two days ago in this case we’ve just been talking about, what’s the likelihood of getting these guys behind bars or seeing the inside of a US courtroom?
Ken Wainstein: Right. That’s never going to happen, unless these guys are stupid enough to travel internationally, in which case they’d get picked up on warrants based on this indictment. You’re right. Unlikely those guys will ever see the inside of a jail cell, but look. I take the argument that indictments have their limitations in this context, this context being when the people being charged are members of a foreign government or working with a foreign government that’s then going to protect and never turn over those individuals. But, look, naming and shaming a foreign country for this kind of conduct can have an impact.
Ken Wainstein: You saw it in the 2014 case. Well, that, as you well know, that 2014 indictment, it opens people’s eyes about what the Chinese military was doing around the world. Look, it’s what helped to bring Xi Jinping to the table in 2015 and reach an agreement with President Obama that in sum said that the Chinese would sort of, both parties would refrain from using its government resources to conduct economic espionage, as opposed to sort of national security espionage, which is basically just a staple of national governmental conduct. An agreement was reached. It might be that there really was a diminution of that kind of activity from the Chinese, but I think, if anything, this indictment this week tells us that didn’t last. So, the naming and shaming might have had an impact initially, but the Chinese didn’t change their ways. They’re right back out there, and a lot of what is charged here is not at all national security kind of espionage. It is just meat and potato economic espionage, stealing for the sake of making money for China at the expense of the US and other western countries.
Lisa Monaco: Yeah, but we had lots of debates about this when I was still in government on exactly this point. Well, is this just, quote unquote, stealing, or is this a national security issue? I would argue that it absolutely is a national security issue, because although these guys were, quote unquote, stealing, they are stealing for the purposes of benefiting the Chinese nation state. For every bit that they steal and every piece of intellectual property that they steal, the Chinese government doesn’t have to expend resources, and capital, and time to develop that information, to develop that R&D themselves, and that goes directly to their kind of national security bottom line. I would argue that these things are inextricably linked, that it is an issue of national security. We had lots of debates on this when I was in government. Right?
Lisa Monaco: The question is, well, why bring these types of indictments? You’re just going to name and shame. You’re not going to be able to put handcuffs on these guys, and it’s just going to throw a lot of sand in the gears of the relationship. We’ve got economic considerations, and we want to get along and all of that. On the other side, there were arguments being made by folks, me included, saying, look, this is a national security issue. We’ve got to call it out, and we should be imposing costs. We should impose costs on the Chinese government and kind of call them to account. Now, the debate goes, well, these indictments, since you’re not going to be able to lock anybody up off of it, what’s the point?
Lisa Monaco: Our friend and former colleague, Jack Goldsmith, has made the case and argues, look, these indictments, they actually aren’t useful. In fact, they can be counterproductive, because the more you unveil these things to great fanfare and don’t end up prosecuting anybody, ultimately doesn’t it show that in fact you’re weak if you can’t actually bring these indictments to fruition? I understand that argument. I don’t agree with it. I think that indictments can have a useful purpose. They are necessary, I would argue, but not sufficient. Right? They’ve got to be one tool in the toolbox of a number of things that the government can and should do to hold to account malicious actors, Chinese actors, Russian actors, you name it, who are both stealing our secrets and in some cases conducting destructive attacks.
Ken Wainstein: Yeah. Absolutely. I agree with you. An indictment has limited impact on the individuals in this situation and limited impact in some ways on the target government, but it is a mechanism for demonstrating to the world that we have the goods on the Chinese government and what they’re doing. You saw prominent in the coverage of the indictment that the prosecutors and agents made it very clear that this was not just sort of opportunistic hacking. In fact, it was very methodical.
Ken Wainstein: They took the various industries that were penetrated by these guys, the ones who were charged, and then overlaid those industries against China’s 10 year plan, in which they lay out their plan for becoming leaders in particular industries, particularly in advanced technology. Eight of the 10 industries that are laid out in that 10 year plan as being where China wants to develop, eight of those industries were ones where the hackers hacked into western organizations to steal intellectual property. It shows that this hacking and theft of intellectual property is part and parcel of China’s plan to become more advanced and to become the world leader in high tech sectors.
Ken Wainstein: Calling that out and making it clear that China is acting in a way that’s qualitatively different from other world actors is an important thing. Even China cares about how the rest of the world views them, and they’re trying to … They’ve got the Belt and Road Initiative. They’re trying to develop relationships around the world and try to become the sort of world leader in different regions. Having that out there is not something that’s good for them. I think the naming and shaming actually has its place, the naming and shaming that comes from an indictment.
Lisa Monaco: To your point, it does have some effect and it can have some effect. You mentioned the agreement that was entered into in 2015 between President Obama and Xi Jinping. The reason that agreement came about, because I know, I was involved in all the background to this, was it came after we had unveiled this indictment that I had mentioned earlier against the five members of the PLA. There was a long planned trip, a state visit by the Chinese leader to the United States.
Lisa Monaco: There had been a little bit of static in the relationship, as a result of unveiling this indictment, and there was a question out there as to whether or not the US government was going to also impose sanctions on these individuals, economic sanctions, and do another kind of round of naming and shaming by issuing sanctions against them. That was going to be largely a reputational hit to China, and if it were done right at the same time that the Chinese leader lands in the US, it wasn’t going to be a good look for President Xi Jinping, who wanted a static free, big state visit. As a result, as you said, the Chinese kind of came literally to the table to hammer out an agreement that got announced in the Rose Garden.
Barack Obama: I raised, once again, our very serious concerns about growing cyber threats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber economic espionage for commercial gain, and today I can announce that our two countries have reached a common understanding on the way forward. We’ve agreed that neither the US or the Chinese government will conduct or knowingly support cyber enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage. In addition, we’ll work together and with other nations to promote international rules of the road for appropriate conduct in cyber space.
Lisa Monaco: The agreement was that both sides would kind of forswear conducting cyber enabled economic espionage for commercial gain. Now, there was a lot of fanfare around the agreement, and I think it was an important step. At the time, both private sector and experts outside of government, as well as folks inside government, in the intelligence community, said, well, we think this agreement has had some effect. It’s resulted in a diminution of Chinese activity against our companies. But fast forward now a couple of years, when there has been lots of escalation of tension across trade, across technology issues, the South China Sea, the COVID debate, et cetera, that that agreement has long since been, it seems, ignored now. We’ve seen abundant evidence of it now just in this indictment this week.
Ken Wainstein: Look, I think we all agree that naming and shaming has its place, and it’s an important function. Along those lines, let me just give a shout out to John Demers, our old friend who now has the job that you and I had as assistant attorney general for national security. He was one of the ones announcing this indictment the other day, and his statement was great. A couple snippets of it, quote, “China has now”-
John Demers: China has now taken its place alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being on call for the benefit of the state, here to feed the Chinese Communist Party’s appetite for American and other non-Chinese companies’ hard earned intellectual property, including COVID-19 research. With the top cover provided by state officials, these criminals are given free rein to victimize law abiding citizens around the world. All of these activities, state sponsored theft of intellectual property and knowingly providing a safe haven for cyber criminals, run afoul of norms of acceptable behavior in cyber space, which the international community must address.
Lisa Monaco: I like the dramatic reading, Ken. Did he learn that at your knee? I know he worked early on for you.
Ken Wainstein: I think he’s far exceeded my PR skills. I mean, that’s downright Churchillian. That was good stuff.
Lisa Monaco: That’s a low bar.
Ken Wainstein: Yeah. It is a low bar. Yeah. NSD has got some good speech writers since we were there.
Lisa Monaco: I’ll say. Now, look, all kidding aside, I think this China initiative, let’s be kind of very candid here, a lot of this is being done in an election year to kind of rattle the cages of who can be tougher on China. There’s plenty of good reason to be tough on China, so let’s kind of deal with the substance here. I would say the National Security Division under John Demers’ leadership, has largely kind of, it seems, tried to stay out of the politics, which is what it should be doing, and has really kind of methodically continued an approach, an initiative, as we’ve talked about, that started years before to really start focusing on nation state cyber activity, and bring these cases, shine a light on it, use the tools that they have at their disposal. Other agencies have other tools, and we’ll talk about that in a second. But they’ve kind of moved consistently to use the criminal justice system, to use legal authorities against these nation state hackers, and that’s, in my view, all to the good.
Ken Wainstein: Oh. It’s absolutely all to the good. Look, they’re sort of continuing the pressure on China and keeping the naming and shaming going. Preparing for this, I was thinking of I think it was 2007. We had a case where we had two different Chinese nationals who were involved with economic espionage on behalf of the Chinese government. We charged them and then ended up announcing them the same day. I was involved in that. US attorneys from LA and Northern Virginia, Eastern District of Virginia were the ones who handled the cases. We quoted the director of national intelligence, who had said that year that we were seeing economic espionage levels that were approaching Cold War levels.
Speaker 8: While there are entities from over 100 different countries trying to get access to our secrets and our controlled technology, there are a number of countries that have proven themselves particularly adept and particularly determined and methodical in their espionage efforts. The People’s Republic of China is one of those countries. As the director of national intelligence testified last September, China’s Foreign Intelligence Service is, quote, “Among the most aggressive in collecting against sensitive and protected US systems, facilities, and development projects, and their efforts are approaching Cold War levels.” We see that in the prosecutions we’ve been bringing to court lately. In the past six months, the Department of Justice has filed charges in a half dozen cases involving efforts to acquire different types of technology, ranging from battlefield night vision equipment to accelerometers used in the development of smart bombs and missiles.
Speaker 8: We see that in the cases we’re announcing here today, two espionage conspiracies that reflect two very different schemes and approaches. One is the classic espionage network, complete with traditional element of spy trade craft, including foreign handlers, pay offs, cut out couriers that compromise a government employee, all of which resulted in the penetration of our government’s information security system and the passage of national defense information. The other is an effort to give intelligence taskings to an aerospace engineer who had a position in American industry that afforded him access to sensitive trade secrets on our military and aerospace programs. As I said, two very different approaches, but both with the very same objective in mind, which is to get ahold of our nation’s military secrets. These two cases plainly represent the magnitude of the threat we face.
Ken Wainstein: For the first time since the Cold War, China was involved in economic espionage of that degree. These are cases where the defendants ultimately plead guilty and admitted to the fact that they were engaged in economic espionage on behalf of China. China’s response was to actually lodge an objection and try to censor me and the two US attorneys for making this announcement. Their response is … It’s not like the old Cold War response, where when one country spies on another country, there was sort of a wink and a nod, and the country that got caught just says, “Okay. You got me. We’ll move on.” In the case of the Chinese, they just flat out deny it and then continue to do it. Sometimes you wonder what kind of impact this has, but only by continuing to call them out for this kind of activity and continue to show the rest of the world what they’re up to, that’s I think the only way that, to the extent that they want to be seen as a responsible world actor, that’s the only way we’re going to be able to [inaudible 00:40:15].
Lisa Monaco: The other thing I think might be interesting for people to know is I think that what we’re seeing, there are a number of different moves that we’ve seen this week on the China front that I suspect highly … I think it’s highly likely that these were well orchestrated. For instance, we’ve seen the unveiling of this indictment. We should remind people, this indictment was unsealed and announced as part of the press conference that you mentioned, where John Demers gave the statement you just read. They could kind of choose when to do this. Right? There was no kind of forcing function. It’s not like somebody was fleeing somewhere and they had to make an arrest and then go public with the investigation. They could pick the time that they unveiled this indictment.
Lisa Monaco: That comes the day before the US government announces it is shutting down the Chinese consulate in Houston, so we should talk about that. That was a big development, another big kind of thumb in the eye to the Chinese from the US government in retaliation. It was stated as retaliation for this hacking that has been done, as well as a number of other steps taken by the Chinese government to crack down in Hong Kong and escalation in the South China Sea and the like. Then we got word that later today the Secretary of State Mike Pompeo is going to make a big China speech at none other than the Nixon Presidential Library. Right? Nice imagery there, the president who opened China in the 70s. Pompeo’s evidently going to give a big China speech, which I’m sure is going to lay out a very tough case with lots of tough rhetoric against the Chinese.
Lisa Monaco: All of this is building a case, is clearly a planned effort to build a case to escalate against China. That kind of orchestration, what’s happening behind the scenes in the US government to get all of that in place, lots of meetings in the windowless rooms that you and I used to occupy and lots of orchestration between the diplomatics, the intelligence folks, the prosecutors and agents who are bringing the case we talked about, so lots of moving pieces and lots of orchestration to have this kind of drum beat this week of moves against China.
Ken Wainstein: Yeah. One of those activities that has apparently gone on now for a couple years is the president’s executive order and the CIA finding allowing for offensive cyber operations against particular countries, Iran, Russia, China, North Korea, which is a pretty significant step. It’s something that has been reported on to some extent, but just recently it’s come out, demonstrating that the gloves are coming off a little bit in the cyber space arena when it comes to taking offensive measures against these bad actors, which I see as a pretty significant step, because there’s always been some reluctance to be too sort of forward leaning when it comes to offensive, destructive kind of operations against other countries.
Lisa Monaco: Yeah. You’re referring to an article that I took note of last week that was really pretty explicit. It was an article in Yahoo News I think that broke the story, saying that President Trump has given the CIA authority to launch cyber attacks against a number of nations. The story named Iran, amongst others. This is a pretty big deal, if this story is accurate. Again, it was talking about what would be highly classified information, and it was broken in Yahoo News, as I mentioned. It talks about the authority that was purportedly given, according to this story, comes in the form of what’s called a presidential finding, which is, as you know, Ken, basically a document that sets out the objectives and the parameters for activity for the CIA.
Lisa Monaco: Here, what’s alleged in the story is that the CIA, by virtue of this authority by this finding, the CIA’s allowed to go on offense basically against Russia, China, Iran, North Korea when it comes to cyber activities. The report indicates that this is not just for intelligence collection, which is of course the CIA’s wheelhouse, but also to have potentially destructive effects in the cyber realm. This was a bit of a bombshell of a report, and this notion of having this presidential finding in the cyber realm, it seems, according to the report, is to give the CIA a lot more running room in this space, which has been a subject of some controversy in the past.
Ken Wainstein: Yeah. I think it is noticeable that this is coming out now, and it’s a shot across the bow to the Chinese, and the Iranians, and the Russians, and North Koreans that we’re getting serious. I think it sharpens the deterrent point, that if you mess with us, we now have the capability and we’re empowering our people to mess with you back. I think it’s a bit of an outgrowth of what we talked about earlier, the limitations on the other tools, the deterrent limitations on the other tools that are available to our government to try to deter these other countries. I think if this report is accurate, it means that as of 2018, the president decided that, look, we need to be more aggressive in this space.
Ken Wainstein: There have been other situations reported on, maybe not verified, but reported on, that destructive activities, like the Stuxnet situation, where allegedly we disabled, using cyber means, disabled the centrifuges of the Iranian nuclear operations. It’s the kind of thing that this would presumably allow more easily and more agilely, and in terms of process, it allows the CIA to go forward with a certain scope of defined activities in this space, offensive cyber activities, without having to go through the same level of assessment by the National Security Council for each individualized operation and thereby allows them to be more responsive, more agile, and frankly more effective and more dangerous to our adversaries.
Lisa Monaco: Yeah. Look, there’s historically been a big, kind of a burgeoning debate between whether or not there should be more of a take the gloves off approach. [inaudible] think. This seems to signal more of a take the gloves off approach. Then the evolution from the past efforts, where let’s be frank, the Obama administration was criticized for taking too cautious or a methodical approach when it came to cyber activities. Look, I think there was definitely an effort to try and put some kind of rules of the road and norms around our own behavior in cyber space for fear that we don’t start some kind of escalation game with our adversaries when it comes to cyber activity, when we, the United States, are quite vulnerable, as one of the most connected nations on Earth. Right? But I think there’s been a fair debate about whether or not the US should take a more aggressive posture. We’ve seen this evolution.
Lisa Monaco: The Trump administration has articulated what’s called a defend forward strategy, where the cyber command and other arms of the government would actually take cyber action outside obviously the United States against adversary systems for potentially to basically show those adversaries, hey, we’re here, and we can take action, to kind of show what could befall them if an adversary took certain actions against us. This has been a steady kind of increase in an aggressive posture, and all the while, a lot of calls on the policy side for the US to have a more pronounced deterrence strategy.
Ken Wainstein: Yeah. Look, I think that debate about the wisdom of being more aggressive with offensive cyber techniques, that’s a legitimate debate. It’s all about whether we’re buying more trouble by engaging in offensive operations than we’re solving. The problem with cyber space is we can never make ourselves invulnerable. Right? There are just too many openings for an adversary. We can’t lock ourselves down cyber-wise, so we’ll always be exposed. So, if we strike them, then they will have an avenue to strike us back. Another thing about the cyber space is that it allows for deniability. Attribution is very difficult in the cyber area.
Ken Wainstein: A lot of good work was done prior to the issuance of this indictment to demonstrate that these two guys were the ones who were involved in the hacking operations that they were charged with, but there are a lot of ways of cloaking who it is who’s behind a cyber attack. That makes it easier for a foreign government who wants to retaliate against us for our retaliation against them to strike us and do so without acknowledging it. You lob an ICBM over or send a division to attack the United States, we know what country it’s from. Right? When there’s a cyber attack, you might not necessarily know. It’s a little bit easier for the tension and the tit for tat to ratchet up, and so it’s a very legitimate debate. I agree that we’re at a point now, given how blatant and how comprehensive the Chinese efforts have been and have been for 20 years or more, but in particular recently, it is time to take the gloves off.
Lisa Monaco: Well, look, I think a few things are true. One, I actually think attribution is the government’s getting a lot better at attribution, both from intelligence sources, from cooperation with private sector. We’re getting better at it. I saw that over the course of my career. But it is certainly the case that adversaries are getting more aggressive and more willing to kind of show their teeth, as it were, as we’ve just been talking about now. This has become a new frontier, a whole new realm of kind of geopolitical one-upsmanship, if you will, between nation states, whether it’s for economic gain, national security gain, military advantage, for spying purposes of course.
Lisa Monaco: All of these are efforts that nation states are undertaking, but increasingly and sometimes not worried and wanting to be seen, showing that they can take these actions. I actually think the attribution issue is becoming less of a concern, but the escalation concern is definitely ever present, and we are just seeing the cyber realm being yet another kind of battleground, if you will, for nation states to tussle over. Nowhere is that truer than what we’re seeing in the escalating tensions and tit for tat between the United States and China.
Ken Wainstein: Yeah. Which I think brings us to the broader topic of the US/China relationship, which has been rocky since the communists came to power in the 1940s. We’ve had our moments where things have thawed somewhat, but we seem to be in a particularly fraught moment right now. You can date it back to the beginning of the COVID-19 crisis, when there was the accusations being hurled back and forth between China and us as to whether China was responsible for the advent of the pandemic, whether they were sufficiently transparent or not transparent, whether they were trying to hide the fact that it came from their country. Whether that’s the source of sort of the enhanced tension we’ve seen for the last few months or just happened to coincide with China getting more bellicose, they have become much more assertive in a number of different areas.
Lisa Monaco: I would argue it started well before the coronavirus, because that was just yet another chapter. Right? You’ve seen an escalation in tensions, whether it’s the trade war standoffs and ratcheting up in terms of the trade war tensions, and then the coronavirus was I think just another chapter in ratcheting up those tensions. But there’s no doubt China’s gotten assertive, more aggressive. Obviously it continues its repression of the Muslim minority in China against the Uyghurs. It is asserting itself, as we’ve remarked, in the South China Sea, continues to do so. We saw the passage of this security law impacting Hong Kong, where it’s really taking a repressive stance against protestors there and dissidents there, taking the same stance against Hong Kong dissidents that they’ve applied in their Mainland China. This is just kind of a continuing march of China trying to assert itself and be ascendant, I would argue, also, in the face of the United States stepping back from its own allies and isolating itself on the world stage.
Ken Wainstein: Right. You could speculate as to the various reasons for the Chinese being willing to be more adversarial. It could be they see somewhat of a vacuum with the US not being as engaged internationally as it has in the past. It could be that they’re trying to sort of solidify public support by being a little bit more aggressive and bellicose and trying to use that to discourage any kind of dissent within their own country, or it could just be Xi Jinping solidifying his rule in China to make the next step to become the dominant power in the world. But the areas that you just ticked off are very troubling, and Hong Kong in particular.
Ken Wainstein: It’s pretty astonishing. They passed that law that will allow them to take the same kind of repressive steps in Hong Kong as they take within their own country, Hong Kong of course being a democratic, economic center of the world that was handed over to the Chinese by the British, because it had been a British colony until the end of the last century. Maggie Thatcher negotiated the agreement that would give a 50 year transition period, up until 2047, for full transition over to Chinese rule, which was intended to protect the democratic institutions and protections that Hong Kong residents enjoyed.
Speaker 9: Mrs. Thatcher could only assure the residents of Hong Kong that their future could have been much less secure.
Margaret Thatch…: I think that we should have been negligent had we not in fact raised the post-1997 position as we did. We raised it. We have got an agreement which is acceptable overwhelmingly to the people of Hong Kong. That agreement will extend into 50 years beyond 1997. I feel we have done a good job for the people of Hong Kong. Just consider what sort of questions you would be asking me now had there been no agreement and a totally unknown future.
Ken Wainstein: As we see, that only lasted about half that time, because now we have any kind of dissent being repressed by this new law. I heard a report about somebody, a young woman, who was arrested just for having a free Hong Kong flag in her purse, so the idea of First Amendment type freedoms is out the window. That’s a pretty dramatic sort of thumb in the eye to the whole world. Hong Kong is a world city. They are unapologetically making it part of repressive China and doing so fully recognizing reactions the rest of the world is going to have, including the reactions from us. I will say, I’ve been heartened by the variety of reactions.
Ken Wainstein: You talked about Secretary Pompeo’s speech. We also had legislation passed recently that imposes sanctions on any individuals, financial institutions, and the like that in any way assist the repression in Hong Kong, that changes the trade rules to basically deny Hong Kong the favorite status that they used to have and put them on par with Mainland China, which is much more limited in terms of what exports they can receive, a ban on defense military high tech exports, which can hurt Hong Kong, because that could mean that some of the semi-conductor companies and other high tech companies will want to move off of Hong Kong if they can’t get the high tech information from the US that they need to run their companies. On a number of different levels, including, as you say, closing the consulate in Houston, our government is making it known that we don’t approve of what they’re doing in Hong Kong and trying to hit them where it hurts, which is economically.
Lisa Monaco: Now, what do you think about that move, the closing of the consulate? On the one hand, it’s quite dramatic. Right? There are reports that the fire department in Houston had to be called, because of smoke billowing out of the facility, presumably because officials inside the consulate, knowing they were getting kicked out of the building, they were told, “You got to vacate the building. We’re closing this consulate,” that they were likely burning sensitive material and classified material and the like. So, pretty dramatic move. The Chinese Consulate in Houston was of course the first such consulate created. I think it was in 1979, after the normalization of our relations with China. So, that’s kind of a big thumb in the eye from the United States to China. I’m curious, Ken, what you think about that move? Shades of the Cold War? What do you think China’s next step is?
Ken Wainstein: Yeah. Look, if you’re taking a look at the motivations behind our decision to close a consulate, they’re varied. Right? You alluded earlier to political calculations, and there are always political calculations to these kind of national security measures that are taken, but looking at it on its face, I read it as, look, we know that that consulate was being used for espionage and economic espionage. No question about it. These consulates are used to send out Chinese officials, security intelligence officials, who go out and try to insinuate themselves or recruit people to insinuate themselves into local industry, into research facilities, into universities where cutting edge research is being done to try to then acquire the information in those institutions.
Ken Wainstein: According to some of the reports, this consulate was sort of ground zero for that activity. It appears that it just got too active. I saw a number of reports of different arrests recently, where a number of people who were agents of China were arrested or charged for various types of economic espionage. My sense is that the government is sending the message to China, look, you’ve gone too far. We get it. There’s always a certain level of this, but you’ve gone too far. Sort of like an indictment, it will have limited impact. Right? Also, as you said, it’s going to invite a response. Just as we usually see when sanctions are imposed against one of the other powers of the world, they will probably impose a similar, if not slightly more serious, sanction against us. As night follows day, they’ll probably close one of our consulates or PNG some of our people. So, we’ll take a hit, but I think it was intended to send a message that we know what you’re doing. You’ve gone too far, and you have to pay a price.
Lisa Monaco: Yeah. I’ll bet we’ve got a number of diplomats and folks who work in our facilities around Mainland China who are packing up their things right now, anticipating that they’re going to be pronounced, as you said, PNG, persona non grata, which is diplomatic speak for saying get out of our country.
Ken Wainstein: Yeah. Maybe they’re all going off to the Chinese equivalent of Home Depot, where apparently the members of the Chinese consulate were seen by our agents going to Home Depot to buy big barrels that they could then use to burn all their secret papers.
Lisa Monaco: Right. Right. No. For sure. I would bet that they’re taking those steps, our folks in China are taking those steps now, being prepared to be shown the door, as it were, and as you say, as night follows day, I suspect that response is going to be coming swiftly. So, more to come on this.
Ken Wainstein: This tit for tat is going to continue. I’m sure that the next shoe to drop will be some dismissal of American people and closing of American facilities over in China, but one thing to keep in mind is that we have a one constant that sort of keeps things hopefully on somewhat of an even keel throughout all this tension. That’s our diplomatic corps. What we often forget in these periods of heightened tension between us and the Chinese or us and the Russians is that while we are sort of throwing bricks at each other, and calling each other names, which might be completely justified, and calling each other out, and threatening each other, we have a diplomatic corps whose job it is to, A, assert our interests, B, let the other country know when we disagree with what they’re doing, but, C, try to maintain a diplomatic relationship. It keeps things on an even keel.
Ken Wainstein: I guess I just want to take a minute, and I know you feel the same way, just to give a shout out to those folks, because it’s very difficult. I’ve never been a diplomat. I’m not terribly diplomatic by nature, but I have a lot of diplomat friends. I’ve always been impressed. I was actually honored to represent one not too long ago. I’ve always been impressed with how they take their personal feelings and sort of they put it to the side, and they go into their job recognizing that their job is to assert American interests, but also to engage in diplomacy, which is a very difficult thing to do in an environment like we find ourselves right now with China. For those people back here at the China desks and then over in China right now, I just want to applaud their efforts on our behalf.
Lisa Monaco: Well, I think that’s the perfect candidates and then therefore our unsung heroes for this week. We always try and call out those who aren’t getting sufficient attention or shed a little bit more light on the work that they do. I completely agree. The folks in the diplomatic corps who have to deal, quite frankly, with the fallout of these announcements of these indictments or the ratcheting up in the tit for tat. So, I agree with you. We should give them a shout out, and certainly they’re in for more rocky days in this particular realm.
Ken Wainstein: They sure are, as are the rest of us. A pretty busy day, but I imagine that two weeks from now we’ll have as much to talk about.
Lisa Monaco: If not more.
Ken Wainstein: All right. Well, look, that’s all the time we have for today. We’ll be back in two weeks.
Lisa Monaco: In the meantime, send us your questions at [email protected], and we’ll do our best to answer them in our next episode.
Ken Wainstein: Until next time.
Speaker 1: That’s it for this week’s United Security Podcast. Your hosts are Lisa Monaco and Ken Wainstein. The executive producer is Tamara Sepper. The editorial producer is Jennifer Indig. The audio producer is Nat [Weiner 01:04:42]. The associate producer is David Kurlander, and the CAFE team is David Tatasciore, Matthew Billy, Sam Ozer-Staton, Noa Azulai, Calvin Lord, Geoff Isenman, Chris Boylan, Sean Walsh, and Margot Maley.
Speaker 1: I hope you found Lisa and Ken’s conversation informative. Lisa and Ken will continue to break down politically charged national security news making the headlines, and we hope you will follow along. Try the CAFE Insider membership now free for two weeks. To join, head to CAFE.com/Insider. That’s CAFE.com/Insider. To all our insiders, thank you for supporting our work.