 Thanks very much everybody. Professor Lawrence Friedman's keynote and this morning's first panel discussed strategy. And then just before the break, Bob Kaplan spoke to the geopolitical dimension. This afternoon's panel builds upon the previous presentations to discuss the challenges that we face today and are likely to face in the future. Now it's become almost axiomatic to note that we currently face one of the most complex, if not the most challenging security environments in recent history. These challenges range from continuing threats of irregular warfare to the prospect of great power confrontation. They include the changing character of war brought on by the growth and spread of precision weapons and the ongoing influence and spread of nuclear weapons. And they include the prospect of war in different war fighting domains, including space and cyberspace. So to address this topic, we have a distinguished panel of speakers, all of whom I'm proud to claim as colleagues and friends. Our first speaker is Professor Paul Bracken. Professor Bracken is a professor of management and political science at Yale University. He also serves on the chief of naval operations executive panel and on the board of advisors of the Naval War College. Professor Bracken has written insightfully on nuclear weapons throughout his career. He's the author most recently of the second nuclear age, a book that I recommend highly. He's also written managing strategic surprise, fire in the east, and the command and control of nuclear forces, as well as other books and articles. So to lead us off, Paul Bracken. Okay, thank you very much, Tom. It's really an honor and a privilege to be here again at Newport. Can you hear me okay in the back? All right. Just shout or throw something and be as rude as my undergraduates at Yale. Now, we have gentlemen and gentle women at Yale, but we'll get into that later on. So I'm really delighted to be here. It's just a great time to be tackling these issues among such a distinguished group of officers and scholars. So thank you for having me here. I'd like to talk about three things. First, what I'll call big trends. Secondly, technology and third, coalitions, which I think are getting really interesting. Let me start off with big trends and what I think the big trends in the world are. And I was in the joint staff a couple of months ago and there's a cartoon on the wall of the office I was in and there was all these little ants on a log with computers and doing models and simulations and building grand strategies of where they were going. But the log was on the Niagara River right about to go over the falls. It was being tossed about. And there's something about joint staff humor that just doesn't permeate other parts of the Pentagon. But I think that's a good takeoff because one of the biggest trends is that the international system has evolved since the end of the Cold War into what? It's evolved into a system of five or six major powers, most of which have big GDPs and or most of which have nuclear weapons and have a nuclear deterrent. I think we have a tendency to look at this world as if it's sort of we're going to try to steer it with the non-proliferation regime. But I would argue that in most ways this system where it's natural to get nuclear weapons if you're a major power, not universally, I'm aware of Japan doesn't have a nuclear weapon, that this system emerges out of kind of natural causes and that one of the policies that the United States has had in effect for decades, understandably it seems to me, is that this, it's true we are a status quo power, but it's more like it sometimes seems to me as if we're trying to freeze dry the world of 1970 or 1980 or pick your year in the past, which was a very good year. And somehow we can use international organizations, soft power, arms control to steer the world in this direction and give it a little military nudge. And I sort of side with my joint staff colleagues and thinks that the international system just goes, just has its own momentum. But to try to reverse those trends, these deep mega trends going on in the world of countries wanting to defend themselves is basically hopeless and you shouldn't waste your money on it. You sort of have to ride these trends whether you like them or not. I don't think there's much that European powers could have done to fight the transition from the religious wars of the 17th century to the mercantilism of the 18th century. There's just nothing was going to stop these. Among the other big trends is the spread of technology, both the diffusion of technology to countries which don't have big technical bases, but also to major countries which were out of the game technologically, countries like China, until only the past two decades. And to try to reverse this is simply hopeless with technology embargoes. I think this has led to a lot of US foreign policy actions, which is trying to restrain this world to freeze dry it if you will. And gradually you can't do that. And so we're sort of recognizing that we can't do that. And we're sort of moving slowly into the 21st century. Now there's a point John Maurer sort of alluded to this morning that I think was really critically important. And that is that the people in the 1920s or the 1930s are like us today. We don't know what's going to happen. One of the things I like teaching at a business school where I do is that I come into class with a case study like the Target Corporation or Walmart or something like that. And I know the answer to what happened and what the company did. And so I appear really, really smart to my students. Because I can say I'm going to work this back three years and this was the critical decision. Why can't you see that? Well, we don't have that luxury in this business or in the corporate world. But I think the point John was getting at was the really fundamental deep uncertainty, deep strategic uncertainty into what China is going to do, how the international system is going to evolve into the future. Like above and beyond these mega trends. I, for example, can't imagine any of the major powers giving up their nuclear weapons. I would ask you to when was the last time you heard India? Anybody talk about India as saying, well, you must give up your nuclear weapons and sign the non proliferation treaty as a non nuclear state. And the face of what's going on in Asia today in China. I don't think this as the remotest possibility. And this is not an argument against arms control. It's only an argument in favor of the power of some of these deep fundamental, deep fundamental changes. On the nuclear point, I can't help but add that there's nine nuclear weapons states in the world today. And over the past decade, eight of them are modernizing their nuclear forces. We are the only country which is not modernizing their nuclear forces. And even when we embrace arms control, it's still bilateral arms control outside of the NPT, we want to get another start agreement with the Russians. And how what is this structured around? It's structured around the arms control agreement. The next version of start, like earlier versions of start, will be structured around preventing a surprise attack on the Minuteman and B-52 force, which seems to be among the remotest possibilities one has to be considered. But this is sort of, it defines the aperture of the radar that we look at this arms control issue. And I think that's one of the major changes that's going to, going to change in the future. The Navy plays in that game, whether it likes to or not. So that's something that the Navy has to be on top of. Let me shift and make a couple of points about technology, which is not just to say that it's important, but we are in the midst of a technological revolution, not seen since the 1950s, when you had jet aircraft, ICBMs, nuclear weapons, sophisticated radars come in and nuclear submarines, all at the same time. And the confluence of these technologies is something that turned out to be very important. I mean, look at the first SSBN, you really, this comes out of the synergy of five or six different technologies. Nobody could have anticipated that five or six years before. It took foresightful people in the Navy to see the major opportunities there and to deliver that first platform in a very fast period of time. So among the technologies, I would point out to today we have hypersonics, information warfare, precision strikes, stealth drones, financial warfare. This is a dog that has not yet been barking as much, but with the sanctions, interfering with the computers of the banks and the international financial systems. I think all has a very promising future. And I think this has a lot to do with how you, the Navy, think about your strategy in the future, was we really need people that are not just good at ideas at reading Klausowitz and Germany, but who see technological opportunity because technology is becoming a much more important component of warfare, that in the political science literature, there's this debate about which is more important technology and politics. I always thought that was sort of silly because it's the relationship of one to the other. But seeing what you can do with certain technologies, companies like Blackberry and Nokia who bet wrong on technologies were put out of business in one or two years. And to a great extent, I think the international system at the nation-state level is getting to be like business competition, what we call, and here's an academic word, shampaterian competition named after Joseph Shumpeter, which is very different from ordinary competition where you set prices and produce numbers of widgets. That's sort of like how big is your army. But if you invest in the wrong technology and you're a major global company today, you're really cooked. And if we invest in the wrong technologies, we're going to be really, really in trouble. Along these lines, I think another way this impacts the Navy, it seems to me, is this whole subject of what I would call, and I did in the Second Nuclear Age, information transfer. You go back to the visit of President Nixon and his advisor, Henry Kissinger, to their first trip to China in 1972. And people forget that what we did was to transfer information, targeting information to the Chinese from the CIA so they could target Russian nuclear weapons in the Far East better. I mean, we gave them longitudes, latitudes, yields, tracked or mobile. This subject of building up another country is really something you could do very quickly with information transfer strategies. And it gets into sensitive things, but I think it's with over the horizon targeting, and the Navy sort of viscerally doesn't want to do this, but it's really in a coalition where I want to go next, a very important area. I think we need to think about coalitions in a little broader way. We're familiar with the US and Great Britain and Germany and going into Afghanistan and to some extent Iraq, some of them went in there. But there's other kinds of coalitions that are forming, which are less tight in a certain way, but it's really equally important. The US embraces India in a nuclear deal, and we can talk all we want to about how it wasn't aimed at China, but China sure noticed it when it did happen. Today, you have something that is very little noticed, but there's a discussion between the Russians and the Chinese about establishing a joint target planning staff between the two countries, where their two nuclear forces could be combined for joint targeting. And this shows the this idea of looking at the start agreement is among the two superpowers. It seems to me is just so 20th century that it really needs to be looked upon in a broader way. We had Admiral Ruff had at Yale a few weeks ago, and he was describing a world in which there were 20 years from now 200 Asian submarines patrolling around Asia, not counting US submarines. It's 200 submarines. I mean, how are they organized into sort of coalitions? And just one final example also from submarines is a deal which nobody spends any attention on, but has profound implications. And that is the German Israel, Israel, you know, has just bought I think six or seven German diesels. And given US relations with Israel and Germany, it is hard for me to believe this didn't get US approval at some level. And according to public sources, these is widely believed that this is that Israel shifting its nuclear deterrent. So it isn't not entirely land base, but will now be partially sea based. And this just has huge strategic implications for arms control, for operating on the seas around there for nuclear deterrence. But I see almost no strategic thinking or writing about it. Some of my friends in the government have told me that it's too sensitive to think about. And I thought that was an interesting answer. But it doesn't explain the long list of other things you don't think about. So I'll just conclude with a couple of suggestions for the Navy, it's to to really include technology in a friendly way, not to get into a debate about whether it's more or less important than clouds of its, you know, how what are the opportunities you can see in technology? This is a big problem we have in business schools right now, which is how do we teach our students about managing technology and what technologies to invest in and the technology strategy interface? Clearly, we don't want to train them in narrow technology issues. That's not needed. And there's not enough time. But the Navy has a lot of people that are cross trained in technology. And don't forget those folks when you put together your strategy plans. I mean, I look, having any grand strategy be reviewed by some of your technologists would be a very interesting red team on it. And would it get it away from this over intellectualization of grand strategy, or as one of my colleagues at Yale, when he reacts to our grand strategy program, his comment was, I found I find mountaintops to be very windy places. I didn't think that was a compliment somehow. Another idea, constructive idea, and I see you know, picked up on this this morning about we got to get real, we got to get practical. One of the things going around business schools today is this idea of the business canvas. And it's a one page description of your strategy. And it says, if you can't write your strategy, your grand strategy for this company in one page, you can't explain it. So if you can't boil it down to one page, that's a very bad thing if it gets too complicated too quickly. A couple of other things related to technology perhaps is the need for Navy people and all military people to keep a real close contact with what's going on in industrial America. I've just read a great book. It's a biography of Colonel Albert Wiedemeyer, one of the authors of the Victory Plan in 1941 and 42, and how he really could he understood what mid 20th century America could produce. And he linked it up with the invasion of Europe. It wasn't simply a strategy, destroy the German army, it was, how many tanks do you need to destroy the German army? And we really need to have people understand what's going on in corporate industrial America today and the services simply to see so that they understand the opportunities. I'll just give one example of something I've just completed a study on with some people at the Rand Corporation. We can look at a number of metrics of innovation, military innovation and DoD over the past decade. I don't care which one you pick, they all point to the same conclusion. The locus of innovation has shifted from big companies to small and medium size enterprises. If you want an example of that, just look at the very interesting work that DNI is doing and NSA is doing and I realize there's other dimensions of this. I'm not doing a public policy discussion here, but they really have learned how to deal very effectively with lots of small companies in a way that brings those technologies into their business. I don't think anything, I think that has gone on in intelligence. We need to get more of that into the line military organizations. So how to dealing with small companies and just seeing the opportunities and not just turning it over to a big contractor. And I just one final thought I would have because I'm interested in nuclear weapons. I think this whole push for a prompt global strike, whether it's a conventional warhead for the Trident missile that is co-deployed with nuclear missiles on mixed ships and all, that's really got to come back at some point and has big strategic implications for arms control and counting rules that the Navy will be called upon to give their views on. So I think that's another emerging issue we can't get out of. Thank you very much. Thank you. Thank you. Our next speaker is my colleague, Professor Andrea Dew. Professor Dew is associate professor of strategy and policy at the Naval War College and the co-director of the Center for Regular Warfare and Armed Groups. That center has done some very important work on understanding irregular threats and she herself has contributed greatly to that understanding. She is the co-author of the book, Insurgents, Terrorists and Militias, the Warriors of Contemporary Combat and co-editor of Deep Currents and Rising Tides, the Indian Ocean and International Security. Andrea. Thank you. Good afternoon, everyone. Try that one again. Good afternoon, everyone. Okay, so I figure if I can train you, you've also trained me. There are many students in this audience who have trained me how to use PowerPoint. I blame the following slides on them. I take no credit for them whatsoever. So I'm changing pace a little bit this afternoon. And what I'm looking at is the challenge in the 21st century from armed groups, from the irregular adversaries. And part of what I'm arguing this afternoon is to move past taking an ad hoc response to the threats as they arrive and say, let's take a holistic look at these groups, the challenge that they pose and how we could possibly respond to them and work that response into strategy simply as a basis. It's simply a ground truth that we have to deal with these threats in the 21st century. So this is my first concept. This is concepts that I developed here at the Naval War College, working with some of my colleagues here. These are also concepts that I have taught in soft workshops all around the country. We've run red team workshops looking at how armed groups challenge regional and international security. And that's part of what I'm presenting this afternoon. So the first concept is this, if you think about the challenge from armed groups, how do we conceptualize this? They challenge our seams, they challenge our gaps, they challenge the lines that we draw on the map. When we look at areas of responsibility, when we look at joint special operations task forces, when we look at international waters, or local national waters, those are artificial lines that we draw on the maps. Armed groups challenge those lines. They look at the world and they say, I'm going to use this seamlessly. I don't care if you say this is Syria and this is Iraq. For me, it's one big operating space. And if you've drawn lines in the map and you can't cooperate across those lines, even better for me. So when I think about armed groups, I think about how they challenge the lines that we draw on the map, and how they move from the land, to the literals, to the maritime environment, how they move into the cyber environment, how they use legitimate trade and illegitimate trade, all lines we draw on a map that they use seamlessly. And they use these seamlessly for their operations. The second thing that I look at is, if that's how they are using the world, then how are they using this against us? Because we represent states. How are they using this against us? And my argument this morning is there's a multitude of ways that they do this. They exploit these seams and gaps in various different ways. One of the seams that they exploit is our imaginations. If you go back to the 9-11 commission report, there's a conversation there about failure in imagination. The failure to imagine that somebody would hijack a plane, take it off and not wish to land it, that they would do something else to this. Now I'm barring this phrase failure in imagination, but armed groups look at this and they say, we can imagine things that you haven't even thought of yet. We can be an armed group based in Kashmir, for example, and instead of attacking India over the land border, we're going to go via a sea route and use hijacked ships to attack Mumbai in 2008. This is something you haven't thought about, but we have. And this is the perspective from armed groups. Armed groups also exploit the seams and gaps that we see every day. So the wonderful example we have about ants on the log earlier on, these are institutional seams and gaps. I'm sorry, I can't talk to you. You don't have the right authorities or you don't have the right clearance. Armed groups look at this and say, that's wonderful. I know the navy in this region is not speaking to the coast guard in this region. I know that they've never conducted joint operations. They don't even have radios that work. So I can drive straight through that seam and exploit it for my advantage. And the other one that I'm looking at here is also diplomatic seams and gaps. There are many areas in the world where there are strong partnerships and strong alliances that work together well. And there are many areas in the world where that does not occur. We're seeing one right now in the Middle East. If you look at what ISIS is doing inside of Iraq, the solution perhaps to some of the challenges from that armed group to Iraqi sovereignty lie with the Iraqis, but they also lie perhaps with the United States and Iran. And we're going to see a very interesting conversation in the next few weeks that may even look like the United States and Iran cooperating over regional security in the Middle East. I mean, this is mind blowing. If you think back for the last 20, 30 years of U.S.-Iranian relationships, and it's an armed group that's looking at that seam and saying, I bet I can get them not to cooperate. I bet I can work this to my advantage. Some of the other seams and gaps that we're seeing, and this is holistically many different armed groups working on this, social seams and gaps, disaffected youth growing up in areas of the world where they don't see opportunities, where they don't see a quick path to wealth, where they look at the consumerism around them and say, I'm never going to have that, and I'll never have status. Armed groups look at this and they say, but I can provide you with status. Come work with me. Your name will be a household name across the world. You will be on the front page of Rolling Stone magazine. So those are some of the social seams and gaps they exploit. And also legal seams and gaps. And this is something that's near and dear to my heart. I'm looking particularly in the way in northern Europe, how armed groups are exploiting human rights laws. I may stand up in the middle of London at Speaker's Corner and talk about violent attacks in the UK and exhort other people to actually commit violent attacks in the UK and British laws say, I can't arrest you and I can't deport you for doing what you're doing, exhorting people to commit violent acts. So those are legal seams and gaps that these armed groups understand and they exploit them for their own advantages. So I'm going to show you a couple of examples of this, and part of it is to think about this holistically rather than think about one single armed group. Look at the way that they're exploiting seams and gaps. So this map of the Indian Ocean was partly inspired by Bob Kaplan, who's disappeared off for a moment here, his wonderful book Monsoon, and in there he says, what if we conceive of the world not in terms of paycom or sentcom or ucom? What if we conceive of the world in the way that people use the world? Let us place India at the center of the map and look at the Indian Ocean and look at the way that trade and resources flow across and around the Indian Ocean. So the groups that I'm highlighting up here are all armed groups that have a significant use of the maritime environment. Armed groups that are based on land but use the maritime environment to their advantage, and they use seams and gaps in our coverage of the maritime advantage to their advantage. The first group up there that I'm looking at is Lashkaya Tayiba, which is predominantly based in Pakistan that is predominantly carrying out attacks in the Kashmir region, the disputed Kashmir region. Their 2008 attack in Mumbai ended up with a three-day siege and it was a three-day siege where the Taj Mahal hotel was on fire. Everybody can see this across the international community. It's on CNN, it's on Fox, it's on BBC News, they really, this is a focal point attack that everyone's paying attention to, and it was carried out by teams who hijacked an Indian trawler and then used small boats to come ashore in Mumbai. So they used the seams and gaps, the coverage of Mumbai to their advantage. The Navy didn't see them and rightly so because there's thousands of small ships outside of Mumbai, the Coast Guard actually stopped them and they had the correct legal documents, the correct identification. So it's sort of like a traffic stop in New Jersey. There's nothing wrong with your car, you have the correct documents, there's nothing I can do about this. And when the team that attacked Mumbai, that held Mumbai hostage for three straight days, actually came ashore in Mumbai, the fishermen and the slums actually called the coastal police and said, hey there's somebody here that shouldn't be here. And the coastal police said, we have four teams and thousands of miles of coast will be there to take a report. And by the time they turned up to take the report, the bombs were going off across Mumbai. The Victoria train station had already had a massacre and the hotels were already being held hostage. It's an example of how armed groups look at the seams and gaps of institutional diplomatic coverage and use them to their advantage. Now the good news about Mumbai, particularly at the diplomatic level, was the attempt by an armed group to push two nuclear armed regional powers to a hot shooting war, possibly up in Kaggle, was actually was actually subsumed by the conversations inside the diplomatic circles. So you had representatives, actually people who had come to the Naval War College, Indian officers and Pakistani officers on the phone with each other saying you know what this group is trying to do, you understand what they're trying to do, we're not going to let them, we're not going to let them. So we recognize the seamen gap that they're pushing and we will not let them push us to a hot shooting war. But it's an example of the kind of things that armed groups can do. The two other examples that I have up there get bigger and bigger in terms of scale and networks. The group that I have, the Tamil Tigers in Sri Lanka, they actually had their own, the Black Sea Tigers, their own navy in order to carry out attacks in the coast and around Sri Lanka. And as the civil war in Sri Lanka continued, this is a group that said we will we will continue to develop our naval capabilities and they actually had mother ships, supply ships, 800 nautical miles south of Sri Lanka. This is an armed group with its own supply ships, 800 miles nautical south. Now for those of you who are in the navy, you know how vast those oceans are and how much of a challenge it is with the capabilities of the United States to be able to find those supply ships. And so it became an incredible challenge to the Sri Lankan navy. Do we have the resources? Do we have the capabilities? Can our ships even go that far outside of national waters? And the armed group at the time the Tamil Tigers said I know you can't and so I'm pushing that seam and that gap in a maritime environment to take advantage. The Tamil Tigers are also a group that connects up to the diaspora and uses that for fundraising purposes and has a very sophisticated rearmament and supply network in Southeast Asia. So one of the reasons they're up on the map is to show the range of their activities and the extent to which they can challenge the security and stability of a state and the lengths a state has to go to in order to deal with that challenge. And then the third group that I have up there is Jamal Slamir. Now the chances are Jamal Slamir is one of those groups that you probably haven't heard of because they don't do many attacks and threaten our western interests particularly northern Europe and the United States. If you're from Australia or from your Southeast Asia you know this group's name. This is the group that carried out attacks in Bali and in Jakarta and the death tolls are 200 people, 150 people killed in those attacks. They predate Al Qaeda. They were formed in 1992. They have similar concepts about establishing a caliphate but their caliphate doesn't belong to one single state or one single region. They look at Indonesia and Malaysia. They look at Singapore. They look at the south of the Philippines and they say that is our caliphate. They are capable of challenging the legitimacy and the authority of multiple states in that region and they use the maritime environment to their advantage. Using certain areas to hide other places for sanctuary and other places for training and re-equipping. So when we think about the challenge from these armed groups they have multiple networks. They use the Indian Ocean in these examples here particularly the maritime, the sea lanes at will. They are capable of hiding in plain sight and they know their adversaries, the states, very well. They know the seams, they know the gaps. They know where institutions don't function. Oh there's two people inside of this institution, they never talk to each other. I know the army and the navy will never coordinate. I know the legal institutions will never coordinate. I know that in order to deal with the threat that I pose seven nations will have to get together and discuss and coordinate a single strategy. I know they'll never get to that point and they use those seams and gaps to their advantage. So the final point that I'd put out today is to think about these as we move forward into the 21st century a holistic approach to dealing with the challenges from armed groups rather than the single reactionary approach. This is this group, this is where they are in the world, this is what their goal is, this is where this okay we'll deal with that over here is to lift this up and say everywhere in the world that we pay attention to has to have a coordinated strategy to think about the way that armed groups challenge legitimacy, the authority of those states. Thank you. Our final speaker is Dr. Emily Goldman who has had a multifaceted career. She is currently a member of the U.S. Cyber Command Combined Action Group and was formally the Deputy Director for Interagency Coordination Office of Communication at U.S. Central Command. She was Strategic Communication Advisor in the Office of the Coordinator for Counterterrorism in the U.S. Department of State and Associate Director in the Support for Public Diplomacy Office in the U.S. Department of Defense. Prior to that she was an Associate Professor of Political Science at the University of California Davis. She also has a long-standing tie to the Naval War College having been a Secretary of the Navy Senior Research Fellow here at Newport. And for those of you who don't know the SECNAV Fellows Program while it was active brought both established and emerging scholars to Newport for research and teaching. And it was a program that benefited the Navy and the nation greatly. Her most recent book is Power in Uncertain Times, Strategy in the Fog of Peace. And although it's not in her biography, she's also the co-editor of the Information, Revolution, and Military Affairs in Asia. And I know because I'm the other co-editor. And I'll ask her later why it's not in the bio. But for now, Emily. Okay, thank you. Thank you for the introduction, Tom. I think it just means that I can't keep a job very well. I'm gonna, I'd like to talk with you today about cyber and I think some of my comments will really resonate with what Professor Doe and Professor Bracken said. I think, and it's, it's funny, we've been talking a lot about geography. And so I'm going to sort of take us in a different direction. I think cyber is important because it has really large implications for how we operate in the world, for how we understand the strategic context within which our societies, our economies, our militaries are operating. It has implications for global governance and the spread of Western values partnerships. We've talked a lot today about partnerships. What I found in the cyber domain, you'd never talk about partnerships without talking about industry. I mean, that's really a critical piece of helping to work the cyber problem. And of course it has implications for military operations and military logistics. If you want to, if you want to disable the U.S. military, the best way is to go through Transcom and do some sort of disruption of our ability to move our forces. So we really need to think very deeply about cyber and what I'll conclude with when I get to it is really a call for strategic thought because I think this is one area where we really need that. I'm going to start off by talking about the cyber context in terms of the opportunities it presents and the vulnerabilities that we face. And then I'm going to talk about some of the challenges, specific challenges and how we're trying to tackle some of the U.S. cyber command, but ultimately this is a whole of government and a whole of nation problem. It cannot be done by the U.S. government or the U.S. military alone. So let me start off just giving you some statistics which is unusual for me because I'm not a statistics person, but it gives you a real sense of the rapidity of change in this domain. We've talked a lot about enduring rivalries and nationalism and ethnic identities, but if you look at the fact that last year there were 2.7 billion internet users. 2.7 billion. That's an eightfold increase since 2000. By 2015 they predict that there are going to be more internet devices than there are people in the world. And there are over 6.8 billion mobile phone subscriptions which is approaching the total world population of 7.1 billion. So in many places we talk about the the dearth of natural resources and water and electricity, but I will pretty much guarantee you that in places where people do not have water and they don't have energy they have mobile phones. So what we're seeing is that there is an unprecedented access to information, to communications, to social networking, new economic opportunities, and all of that is driven by the fact that we've seen over time the convergence in all of the different ways of communicating into one global internet. The twist on that though is it's the same network that our adversaries live in and our adversaries operate on. So in many ways you know we are operating side by side with them and it's the most open and the most prosperous nations that are the most lucrative targets. And so that leads me to talk about the vulnerabilities. Okay so cyber presents opportunities and vulnerabilities. I would argue that everything we value, our personal wealth, our national economic prosperity, our intellectual property, our defense secrets, everything resides in cyberspace. I wonder how many of you purchased your ticket, your airplane ticket online, never printed out a boarding pass, downloaded it to an app on your cell phone. Totally operating in cyberspace. Cyber crime. I mean that's one that maybe many of you have experienced. We're all familiar with the costly compromises of credit card data. Target was the most recent. The global direct cost of cyber crime last year were estimated by Symantec at $113 billion. So cyber crime is a is a flourishing business. We're also seeing a transition from not just exploitation and cyber theft but also to increasing destructive operations within cyberspace. So one of the biggest examples of this was in the summer of 2012 when the Saudi Arabia's national oil company, Aramco, was disabled by a cyber attack. 30,000 of its computers, the data was essentially destroyed. And it turns out that the networking on those systems is very similar to a lot of the networking within our own critical infrastructure. In the fall of 2012, we had distributed denial of service attacks across 15 of the U.S. largest banks that went on for seven months. Now it was interesting to me because this was very public. It actually made it into the newspapers and people were focusing on it. One of the challenges you have in the cyber domain is that those entities that are getting attacked don't want to talk about it. So it's very difficult to convince the American people that this is really a problem because many companies don't want to lose the confidence of their customers and their shareholders by talking about the vast amount of disruption and of economic theft that is going on. And many of you are probably remember when Mandiant came out and reported that China was attacking over 140 U.S. and foreign entities across 20 different industries, IT, aerospace, satellites, telecommunications. So the attacks are increasing in severity and frequency and in destructiveness. And then probably our Achilles heel which people talk about is our critical infrastructure that we rely on supervisory control and data acquisition systems to run our critical infrastructure, our manufacturing, our transportation, our electrical grids. And we've seen that cyber intrusions into those sectors are rising particularly in the energy sector last year and our power and water utilities perhaps are the greatest points of vulnerability. So in many cases these are seams, these are gaps and they are being exploited. Now aside from the fact that the vulnerabilities exist I would argue that the next piece in the puzzle that makes this all the more challenging for us to deal with is the fact that cyber is likely to be a tool of choice for our adversaries. So not only are we very vulnerable but they're likely to want to attack us in this domain for several reasons. First of all it empowers them so relatively weak unsophisticated entities can project power into U.S. territory deep into U.S. territory. We talk here today about the possibility of engaging in warfare and attacks perhaps on the homeland. I would tell you that the enemy, the adversary is here now. They are here and part of the problem we have is that if you go back and you look for example at international law typically you needed to sort of breach the sovereign territory of another country in order for it to be declared a war. Now what you have are the ability to actually take the wealth from a country without ever entering their physical space physically. So this is something that the business sector government sector is very aware of. We can expect that since we are such an open society and we do have I mean the seams and the gaps and our authorities I mean it's are profound in our ability to see the threat and to respond to the threat and our adversaries know that and they are preparing for the future cyber battlefield now. They're stealing our intellectual property. They're conducting industrial espionage. They're exploiting our defense our financial our communication networks. They're conducting intelligence surveillance and reconnaissance. They're gaining persistence and they're establishing persistent access and they're positioning themselves to battle us in cyberspace to exploit to disrupt to destroy in some cases. So I believe the challenge is a big one. What can we do about it? What I would like to do is talk about several different areas where I think that we need to address as a military as a nation as a member of society and also as a global community to deal with this. The first set of challenges that we need to deal with are those I would group under unity of effort or unity of command and all of you know what unity of effort and unity of command are. So there are different several aspects to this. The first one is bears upon situational awareness and information sharing our ability to see the adversary. You cannot defend against that which you cannot see. And in the physical world the U.S. government has a unique ability to detect and to stop aircraft and missiles that are being launched against us. But the U.S. government cannot see a cyber attack that is launched across our critical infrastructure networks. Okay we cannot see that because 85% of those networks are owned and operated by the private sector. There are statutory barriers that prevent us from operating there and there are disincentives from precluding the companies who are sharing that information with the government. So what we need to do is we need to improve our situational awareness and we need to approve our ability to share information between the government for example sharing threat signatures with industry so that industry and the ISPs can protect are their networks from incoming threats. And we have to be able to support industry in doing this and in some cases give them liability protection in order to share this information with the U.S. government. So situational awareness information sharing is probably one of the biggest challenges. The second one goes to this in terms of unity of effort goes to the notion of authorities and laws and our ability to meet with these challenges. These problems cannot be solved by government alone. It's pretty much taken for granted within government that there is no single public or private entity that has all the resources or all the authorities or all the ability to respond to a serious cyber attack. So we have to do this as a team and we have to figure out how to do this as a whole of government approach but as a whole of nation approach as well. Another dimension of why unity of effort is so important is because of the issue of speed. A cyber attack probably will last only a few seconds in a crisis. It's very unlikely that everyone in the relevant stakeholders in the U.S. government will be able to get together to make decisions. So we have to have standard rules of engagement. We have to consider delegating authorities ahead of time so that our commanders can respond and we have to co-locate authorities so that for example members of the military and the FBI and the intelligence agencies are co-located so they can share across their authorities to help see the attacks and to help use their authorities to respond to them when it is appropriate. So unity of effort as you can see unity of command has several dimensions that are important and a key challenge. The second major challenge I want to point out is what I put under combined arms. I think that the War College students have studied Klausowitz. They studied the principle of mass and the notion of concentrating effects of combat power at the decisive place and time. The mass in cyberspace is relatively easy to marshal because you can from one place control many networks and boxes and see the attacks coming in on the network. But what we need to think about is how we integrate cyber with the physical domains and how we think about integrating cyber operations with kinetic operations. We need to think about how do we synchronize across those? How do we sequence them? And we need to be able to communicate to our military commanders what are the risks of operating using a cyber tool versus a kinetic tool? What might be the differences in collateral damage? Why would our leaders want to choose one over the other? This is an area where I think that we need to do a lot of strategic thought to help people understand the comparative advantages of using this new type of tool versus the traditional ones in the toolkit. So after the unity of effort and combined arms, the third major challenge is capacity. And the key point here are trained and ready forces. We need to have people that are able to operate in cyberspace and Cyber Command is currently standing up mission teams to perform its three missions of defending the nation in cyberspace, supporting our combatant commanders, and defending Department of Defense information networks. But there needs to be the development of a career path for these cyber warriors. And the Navy in many ways was out ahead in the sense of recognizing the importance of creating a specialty in this area. We see in other services it's very difficult to get the intelligence and the communications lines united. Okay. And essentially we people have to think about how do we create just like in the interwar period and we had to create career paths for our air power warriors. We need to think about that for cyber as well. And we need not only to think about what we do with it once they get here but also how do we train and how do we recruit and where is that pipeline and where is that pipeline of talent within the nation which we're going to need across the government and across the private sector. Okay. Great. I'm on time. Another part of the capacity that I think it's very important that we bear in mind is the cryptologic platform. And what I mean by that are the technical capabilities that are resident within the intelligence community within the national security agency the platforms upon which our cyber warriors will depend to do their business. You have to understand the networks in order to be able to operate within them. And we have a precious national resource something that we do very well something that unfortunately the world knows that we do better than anybody ever thought we did. And that is a real crisis in terms of capability and we need to really think about I mean that is was like the jewel in the crown. Okay. That was something that we were we talk about staying far ahead of our adversaries in that capability we were very far and we still are but we need to work even harder to keep that. Let me just point a wrap up with a final challenge and that is basically you can't defend an indefensible architecture. Okay. Basically right now the Department of Defense relies on a patchwork of systems that were never built with security in mind and they're extremely vulnerable to attack and the Navy knows this only too well when last year their networks the Navy networks were breached and it took a tremendous effort to eradicate the intrusions in the Navy and Marine Corps Intranet. You're all familiar with the Heartbleed vulnerability which NSA did not know I did not know have any visibility on that but this is how fragile and how vulnerable these systems are and you understand the importance of them for functioning of our society our economy and our military. So let me just wrap up by saying I hope that I've impressed on you the importance of this domain and the fact that you know what we have now is the fact that the way we create and store wealth and intellectual property and all that we hold dear is now not tethered to territory but a way that it was in the past and so we need to think about how that dynamic maps on to the traditional geographic understandings that we have operating and I want to urge the Naval War College sort of thinking back I would I would argue that we're kind of in the 1950s in terms of the dawn of the nuclear age all right we're thinking about in the 1920s with the innovative work that was done at the Naval War College in area in carrier air power we're at that place in cyber and right now we have a lot of computer scientists engineers brilliant people thinking about it technically we do not have people thinking about it strategically and so I hope that you'll take up the the challenge thank you thank you well these three presentations have collectively given us a better understanding of the challenges that we face now and are likely to face in the future and they've also started pointing us towards what needs to be done to meet them I'll now open up the floor we have a little bit of time for questions I see the first hand right there sir Michael Lutkenhouse please please please stand up so we can there you go thanks I have two questions or it's a two-parter so as we develop cyber strategy how do we square our separation of industry and government targets with our adversaries view economic targets and economic espionage as legitimate government spying and then further how do we link our responses between cyber and kinetic domains should a ship in the South China Sea undergoing a cyber attack be free to respond to kinetically couple couple small questions not not only am I going blind but I'm going deaf so can you translate that I'm sorry the first one went by relationship between government and industry and then the relationship between cyber and okay great sorry so in terms of the relationship between government in industry I mean that it's a critical relationship in terms of defending the networks you're not industry owns and runs those critical infrastructure networks on military depends on those critical infrastructure networks with the you know the recent disclose unauthorized disclosures there it's made those those relationships more tense but I think people recognize that they're still important I think any prospect for cyber legislation that may deal with the information sharing probably is pushed back because of the disclosures and and the the sense that you know industry many industries feel that they are they are taking an economic hit because of the disclosures in terms of the cyber the cyber kinetic I think that in part in part I think it has to be that the commanders understand it you can't leave the cyber to the IT people you know the same way in industry you can't leave your IT to the the chief information officer it's the CEOs and so I think cyber is commander's business and it takes leaders that are willing to learn about it to understand it to understand the people who may be working for them are going to be a different have different qualities and different characteristics so it really is a an organizational and a cultural change the services face but I'm confident they can rise to it so I hope I answered your questions let me come in on the second question which I believe was the trade off between kinetic and IW information warfare attacks and I guess we just suggest we need to look at this in terms of true frameworks substitutes and compliments it's you could substitute in certain scenarios in information warfare attacks so that you did not have to do a kinetic attack but then let's look at the other framework compliments for the first time since the early 1980s it is becoming plausible to write down first strike attacks on the nuclear deterrent of another country particularly if they have small nuclear forces or information warfare attacks compliment precision strike drones stealth and electronic warfare to literally decapitate their nuclear weapons force because it isn't that big to begin with and for countries such as North Korea Pakistan and I would argue Israel is moving her deterrent to see in part for these reasons this is a very very destabilizing situation potentially that the actors involved may not have been thought of so my answer is we need to look at it in terms of not only substitutes just how the US would tend to look at it but also compliments from the red sides point of view sir I'm curious about in the context of cyber warfare or cyber attacks where the lines are between military's responsibility the non-military governmental responsibility and private industry's responsibility I don't think we thought that it was governments of the military's responsibility to protect target from credit card invasions that's just another form of cyber attack so I'm curious as to where those lines are is there a piece of it that you think is particularly the military's responsibility such as protection of the military control systems and communication systems as the military's role go beyond that where's the where the institutional lines here so that's an easy question to answer the military is responsible for protecting the Department of Defense information networks DoD intelligence community the rest of the government networks what we call dot gov is a responsibility of the Department of Homeland Security and the US Cyber Command supports DHS DHS is authorized to do that but if they but but you know across the government you work together because different institutions have different capabilities and in terms of the non-government networks that is the responsibility of the private sector okay now many you know when you think about for example military logistics in US Transcom US Transportation Command it rides on the unclassified on the private networks so you know the government has an interest in incentivizing industry to make it more secure okay into sharing information so there is I think there is a mutual interest they're different interests but I think there is a recognition at the same time the the US government because of its foreign intelligence capabilities often has the ability to see threats that exist out in the world before they come into the homeland so the extent that they can share that information industry can then better protect its networks and its customers that's sort of the way things are organized today you see a need changing that in the future as cyber becomes a more important part of our economy for example protecting our electric grid that seems like that could arguably but not necessarily not necessarily left to the responsibility of the electric utilities who currently maintain them but then you may say that it should be yeah I don't I mean I don't you can all Paul you can probably chime into but I don't think that we're going to see the military given its title 10 authorities doing that I just don't see that and that's why there's a recognition that you've got to work as teams across the agency across the agencies and with the private sector so maybe in an ideal word you might think that would be would be helpful but I don't think that we will see that I think it took about a year and a half to get DOJ, DHS and DOD to agree to one PowerPoint slide which basically identified where the roles and responsibilities were for protecting and defending in cyber and it I mean I kid you not a year and a half one slide so it's basically between DOJ, DOD and DOJ that interchanges basically a voluntary process please between the private sector and the governmental sector I mean I don't I don't foresee at this point like I said the only way that you'll have I think that cyber legislation was has been on the table okay in term and I think that is the way that it's viewed as eventually where we would move toward but I mean who knows you know of course if there is some sort of a major attack right that's when authorities loosen people share I mean things happen after that so possibly but that's great but I sir I'm going to be a little nervous here because I'm retired Air Force and I work Latin America so I'm feeling a little bit out of my element my name is John Calvin we've already talked about Lucifer today so I'll see if I can get through this one of the things that was mentioned and Dr. do you talked about the seams and gaps as they relate to diplomacy alliances and the social aspects in my work with Latin America our partners who we want to be partners talk a lot about different concepts for security state based versus human based security and I'm wondering at the national grand strategy level to me those seem important concepts how that would fit into a navy strategy how we talk about what is security just kind of leave it open ended there but I think the concepts matter putting it all on one page okay so I'm still busy plotting a cyber attack against targets so in the 18 months it takes to put them on a PowerPoint slide I'm having a wonderful time I'm glad that you brought up Latin America the slide that I have up there is just a sampling of three different groups primarily because they have maritime interests and I think it's important to add that to our conversation when I look at Latin America you look at that and say gosh you have all kinds of interests going on at the same time here and particularly on the maritime side of things I think it's easy for nations in Latin America to look at each other and say I can understand your maritime interests we're talking about security and stability of the coast we're talking about trade we're talking about literal waters we could probably find something to agree on there but then when you broaden it out and you have six, 12, 15 different nations having conversations about this you immediately broaden out the conversation about interests and goals and I think this is one of the seams and gaps that if I were planning to do nefarious things in South America that I would certainly look at can I find a seam between the interests of Argentina, Paraguay and Uruguay I certainly can and I can figure out what those might be and can I operate at a point underneath the radar screen that won't necessarily trigger somebody else's response and then can I get various different agencies to spend 18 months figuring out whether they mean human security or they mean physical security yes I certainly could do that those I think are incredibly important seams and gaps but what I think that emphasizes is the importance of conversation and meetings and network and dialogues and it's not necessarily one group emphasizing or strong arming another nation or another definition over somebody else's but a very real conversation that says hey from our perspective these are our threats and these are the opportunities that I see here and then from another nation's perspective I don't see those as threats oh so now let's talk about how we can manage these kind of things so I think there's there's multiple levels to that one of them is this conversation about the threats and the opportunities and how can we be sitting in the same place at the same time and as professionals have that conversation and say respectfully I disagree with you but I can see where you're coming from on this I may have forgot to mention I work at the Inter-American Defense College where that's the conversations we have thank you Peter thank you this is what happens at Yale and other places we get these thank you very much I apologize I'm a Williams guy so I'm sorry to say it in all seriousness my question is is the second part of the theme of this CSF which is challenges and choices and what I want to hear particularly from Professor Dew is why should the American people care about the armed groups particularly the ones that you listed on your slide and if they should care how much because there are a lot of challenges and there are a lot of choices we've heard about a whole set of other very dangerous expensive threats why would yours matter for the Navy I thank my learned colleague on the left for speaking into the microphone and asking me a nice easy question to start with one of the reasons that I put those particular groups up there is because that they do not pose a direct threat to the United States and the United States interests and it's to place that in that situation of dilemma you do have to make choices the easy groups to talk about when we talk about the threat from armed groups is Al Qaeda because we immediately have that reflexive conversation oh they threaten Western interests therefore we have to do something about that those are three groups that threaten the stability and the security and the economic viability of very important regional powers so I think that's where you come into this and say is it in the United States interests to help these economic powerhouses continue to be viable economically to continue to be stable and secure if they are then this is where we start to have conversations the other part where I think really this starts to cross into U.S. interests is the networks that they're part of that are far outside of that region the expats the diasporas that live in multiple other places in the world that send fighters to those regions the cyber networks but also the strategic communications that goes on as well I think that's where that links out to a much broader communications to a much broader conversation if I had focused for example on Syria if you take that from the European perspective the Europeans are having heart palpitations about the number of fighters who are going from European communities to Syria and to go and fight in Syria and they're not necessarily joining the most extreme of the most extreme groups there are people who have looked at what's going on on the screens and said there are children dying and I can do something about this well one of the things that the Europeans look at and say Syria meant not be our problem but the people who are going to fight in those regions and then perhaps come back again to our communities are part of our problems so the reason I put those three up there is that's not a direct threat to the U.S. home landed anyway shape or form but they're connected to networks and they're also connected to states in which their economic viability is tied into things that the United States is interested in so at the periphery yes absolutely should you place all of your eggs in the basket of Indonesia immediately the Indonesians might say yes I would say no but it is very much a case of looking at this and saying what are interests what vital national interests that stay and how to make these kind of choices yeah I think it's a very good question Peter it's let me try to answer that there's a broader point here which is that the military often views themselves as being apolitical and we're trained to view that you know civil military divide but domestic politics matters a tremendous amount imagine trying to do what your question asked what are the choices what are the options in the early 1970s with the reactions of that time that led to the end of conscription a year ago in August we saw an electric reaction opposed U.S. strikes on Syria at the grassroots level so I would put it this way and you're seeing this in the Iraq thing now that right now it's fascinating to me how the foreign policy establishment goes on TV and does its thing and it's taking time for other wings of the parties to pull up but I would put it this way precisely in order to stay apolitical the military needs to understand domestic politics because it will profoundly affect your options and your choices let me let me take actually take another another cut on this as well which and I'll I'll take the liberty of rephrasing your question to more narrowly fit the audience which is why should the U.S. military care and you know further to what Paul just said look political leaders can change their minds about what matters and and what doesn't matter um ultimately it's the military that's charged with being ready to respond either to the threats that have been identified or the threats that a future leadership may identify and the you know the price of unpreparedness is lives and treasure so we went through a period where after Vietnam where we said oh well we're never going to get involved in those messy wars and uh we had good reason for doing that because we still faced a soviet threat across the inner German border and then the price when we did have to engage in those wars was a lot of lives lost and we may be heading into another such era but that's not saying that sometime in the future we may not wind up engaging in just those same types of wars so the question is to the military do you want to be prepared for that or not because the political leaders who today say don't worry about those types of conflicts my guess is will not be held responsible for the consequences of those choices and if so only in the court of history but the you know the military members who are who will be called upon to wage those types of wars will be responsible will be responsible for the troops under their under their command so that's why in my view the US military should care there was a there's a hand over here sir yummy this is a commander Chas Galway and from a US strategic command for Dr. Bracken one of the big topics we're tackling as strategic command right now is what nuclear force posture we need in the future so for you what nuclear force posture do you think the US is going to need in the future and for Dr. Goldman is another problem we're trying to tackle is how best to deter nation states from a malicious cyber activity against the US and this will be our last and this will be our last question yeah I don't have the full slide deck here for the details of this including cost effectiveness relationships but I would say a number of things which is to stop preparing for the Cold War surprise out of the blue rush and attack it is the easiest to model my PhD is in operations research believe me I know how to model this but we need to look at the role of nuclear weapons under more stressful range of conditions in a wider range of conditions to include strategy in a local war how we would deal with other people's use of nuclear weapons how we would deal with the need to use our nuclear deterrent to preserve US neutrality in the event of a nuclear war between other powers and I could give on a long list of things that we've sort of narrowed down the way we we think about these things so I don't think the country and it's not Stratcom's fault it thought leadership of these issues in the frankly the air force to a lesser degree the navy has declined over over the years and we've sort of used legacy concepts because nobody has really cared about these things but those forces are wearing out and as I mentioned at the beginning eight of nine and probably 10 are modernizing their nuclear forces today yeah I would argue I'm not sure that you can deter in the cyber domain I mean people some people it's very common to sort of talk about cyber deterrence because deterrence is something that we understood and thought about a lot in the nuclear domain attribution problems is going to make it more difficult in cyber that we are getting better at attribution in turn now one one other dimension of it might be would we have a declaratory policy sort of a cyber Monroe doctrine people have talked about that takes political will to be willing to you know to uphold that so I'm not that optimistic that we're going to be able to deter cyber attacks well on that note please join me in thanking the panelists