I'm here with Jeff Kelly, and this is theCUBE, SiliconANGLE's production of MIT's cyber, politics, cybersecurity event. It's actually got a great name. I have to do it justice here. So it's the explorations in cyber international relations. It's the cybersecurity and the governance gap, complexity, contention, and cooperation. This is the fourth such workshop, and it's actually bringing together the best thinkers, people in public policy, people in industry to really try to keep pace with the innovations that are going on in cybersecurity, with the threats and balancing essentially the threats with the other side of the equation, which is value. Adam Segal is here. He's the Maurice R. Greenberg Senior Fellow for China Studies at the Council on Foreign Relations. Adam, welcome to theCUBE. Thanks for coming on.

Thanks for having me on.

Now, we've heard a lot today about the rapid pace of cyber development, cyber space, and what's going on there, and how international relations have not kept pace. You guys are a very well-known think tank on this topic. What's your take on all this? And then we'll get into China.

Well, I think foreign policy actually is probably one of the worst in keeping up with what's happening. Cyber is one of those issues that goes across security issues, diplomacy, trade. Bureaucratically, we are organized for the industrial age. We're not industrial organized for the information age. And most foreign policy elite tend to be not digital native. They tend to be older and haven't really seen the importance of these values. So I think we're beginning to see the closing of that gap, kind of a narrowing between how foreign policy people think about this and how civil society, business, and all the others are really a driving internet for it.

So I wonder if we can learn from the industrial age. So the Council on Foreign Relations was formed what in the 20s?
Okay, and so coming into the industrial revolution were foreign relations as well sort of behind back then and what was done? What can we learn from that history, if anything?

Well, there's a great example right after the end of World War II in 1947 when the US had a new national security act that helped put in place the institutions and policies for the Cold War. We had a clear enemy, the Soviet Union. We had a strategy of containment, not only allowing the Soviets to expand their influence or their military. And we set up the institutions in place. We had the Defense Department that was to defend the US homeland. We had the State Department. We created the National Security Council to help coordinate the creation of the Central Intelligence Agency. We had the creation of what were called Title 10 and Title 50 and Title 18 responsibilities which had to do with domestic and foreign kind of responsibilities. Well, cyber all of that doesn't hold any longer, right? The threat is not always on the outside, right? Attacks may come from China but they could be routed through networks in the United States. The threat may not be a non-state actor. It may not be China. It may be what's called patriotic hackers, right? Guys who are doing things on their own. The threat is economic and national security. So all of these original kind of bureaucratic divisions that we made that made sense then are much harder to kind of fit into the threats we're dealing with now.

So, and you mentioned you gave an example of some folks acting independently. And oftentimes you don't know whether they're acting, you know, with the guidance of the state or not. So that's got to make it harder to collaborate on a global basis if there's no trust. So, which brings me to China. There's always a lot of rhetoric thrown back and forth between particularly the US and China. What's the state, you know, from your perspective of those relations as it specifically relates to cyber security?
I would say trust is pretty low, right? We, and that's probably being generous, right? We had, you kind of have to look at Snowden before Snowden and after Snowden, right? So in the lead up to Snowden in June, right? The US had been mounting a very aggressive public campaign of naming and shaming China as the biggest threat to the US on cyber espionage, right? The biggest threat to US intellectual property. And what we saw over time was a kind of general escalation of what US government officials were willing to say, right? So it used to be in the old days, right? When the Google attack happened in January of 2010, that what happened was Google said we were attacked by a very sophisticated state actor. Had to be China, right? And then everybody would say, well, it had to be China and the press would call me and I would say it's China. But the US government officials would just say it's a state-based actor. Well, what happened in the spring of 2013 is that the US government officials started saying, it's China, right? So we had a speech from Secretary and National Security Advisor Tom Donilon in April that said, it's China. Then we had this big summit between President Xi and President Obama. It was supposed to be a chance for them to get to know each other in kind of a casual atmosphere in Sunnylands, California. And Obama was going to push this issue of cyber espionage and say to the Chinese, look, everyone spies. We realize that. But the type of spying that you're doing, the attacking and stealing of US intellectual property, that is really undermining the international trade regime and our bilateral relationship. So if you guys want to move forward on this, we really have to settle this problem. And then Snowden happens.
So Snowden comes out and there's revelations both of US broad surveillance, but also there seems to be these instances where the US seems to be spying, if not for economic reasons, focused on economic organizations for national security reasons. So the most prominent example was the spying on Petrobras, the Brazilian energy company, which the US would say, well, of course, we have to know about national oil markets, but it's not for economic reasons. It's not to help US companies. But that distinction is really lost on the Chinese. And so what you've seen since the NSA revelations is a really ramping of rhetoric on the Chinese side, which says, yeah, we know who the biggest threat in cyberspace is. It's you. It's the United States. And everybody else sees that now too.

So is this a cyber arms race that we've now kicked off? Can you draw parallels to the space race?

There is clearly there's some action and reaction going on, right? The Chinese like to point out, well, who were the first ones to militarize cyberspace? It was the United States. You guys set up Cyber Command and we're the ones that are backwards and we're trying to catch up. I don't think we're at the place, we're not in a cold war yet, right? Because as you, I think you hinted at it earlier, the relationship between us and the Chinese is just vastly different than it was with the Soviets, right? We had 1% of our international trade is with the Eastern Bloc. China is one of our largest trading partners. They are sitting on a huge amount of foreign exchange. US companies do all of their sourcing in China. So we clearly are competitive in many instances, but we are also cooperating in a whole range of issues.

Just kind of building up that last answer. What is the state of kind of, or I should say, what is the impact of foreign relations outside of the cyber realm? What is the impact on the relationship between China and the US when it comes to cyber relations?
In other words, do outside factors, other situations, other concerns impact the way the two countries can cooperate on cyber governance and security?

They do in that cyber, you could say, right? If you believe, for example, what General Alexander was saying, that this intellectual, the fact that this intellectual property was the largest transfer of wealth in human history, then you'd imagine, well, the US would kick this up to number one or number two when we deal with China. Why aren't we making this the most important issue if this is threatening our national economic wellbeing? But in fact, because we have a whole range of other issues we want to work with the Chinese on. North Korea, Iran, global climate change, global economy, that cyber was pushed down fairly, fairly. And so it's an important issue, it's not the main issue. I think more broadly, the Chinese believe that the United States is working in some way or another to undermine the regime. We do that through a whole range of things and cyber for them is a big part of that. The free flow of information, Twitter or Facebook, which of course are not allowed in China, but they see that as the rest of domestic stability and regime legitimacy. So that makes cooperation on a whole range of issues harder. We also have a different sense of how the internet should be governed. The US has been promoting this bottom up, private sector kind of model for the Chinese from the very beginning. They said, no, cyberspace is just like everywhere else. It's a sovereign realm and states should play a large role.

So we've been hearing a lot today this morning some of the earlier presentations about the need for the kind of a multilateral, multi-stakeholder approach to governance. Does China's approach that it's a, the cyberspace is a sovereign area for them to control, does that lead them out of that equation? Is there any hope for bringing states like China into a multi-stakeholder governance environment?
It's gonna be hard. I mean, the Chinese, as you probably heard earlier, have been suspicious of ICANN and all the other multi-stake organizations. They point to the Department of Commerce's contract with ICANN. They are not that familiar with how the organizations work and how they can be involved. But they are involved in these more multilateral institutions like the ITU and others. The thing about China is, cliche to say, is of course is that it's changing so dramatically. And so I think we will see over time, and we're beginning to see is that Chinese companies, as they globalize, have a stake in an open interoperable transparent system. If you're a Chinese company and you're thinking about standards, even though the Chinese government is pushing for its own indigenous innovation and its own technological standards, you may like that in the early years of growth when you need to compete with U.S. technology firms. But when you think about globalizing, you actually want global standards, right? You want to be involved in designing those standards. And so we see companies like Lenovo, right? Which is much more involved in a lot of this international technology standard setting. And you could imagine, as the Chinese economy becomes more globalized, that it would try to help develop in that way.

Does that potentially open them up to more risks in cyberspace? It seems to me there's, on the one hand, one area to kind of improve relations between two countries is to focus on some of the mutual risks. But it seems if China has essentially tried to wall itself off from some of those risks, maybe there isn't as much overlap or much area for cooperation. But if, as you say, China begins to open up a little bit to allow their enterprises and organizations to start taking a larger role in cyber governance, does that offer some opportunities where there are mutual risks, non-state actors, for example, that could target the U.S. or China?

Yeah, I think it does.
The question is, how long does it take us to get there? So I think if you read a lot of the Chinese analysts about the U.S., they tend to see us as being much more vulnerable. We're more open, we're more dependent. The U.S. military is more net-centric, and so when they think about cyber as a weapon, they really still see it as an asymmetric weapon, one that's gonna hurt us more than it would hurt them. But that is clearly changing. The Chinese economy is becoming more internet-enabled. The Chinese are very worried about critical infrastructure, the SCADA systems and PLC and all of those, and Stuxnet did worry them that this was gonna be a vulnerability for them. And the Chinese military is trying to look more and more like the U.S. military. So you can imagine that they would be vulnerable to the types of attacks that the U.S. military would be vulnerable to.

But couldn't you argue that the state of their infrastructure, because so many cases starting with the blank sheet of paper is more modernized and somewhat less vulnerable because some of the security aspects are gonna be designed in, or is that a fallacy?

It theoretically would give you the blank slate to leapfrog the next generation, but Chinese writings don't suggest that that's what's happening. They seem pretty worried about what they're doing, and much like the critique you hear about, we're building the smart grid without any security built into it, you see the same worries in China that they haven't really been thinking of security built in. They've been thinking about how you attach it on afterwards.

So we're all screwed, basically?

Well, that's probably true, but then again, one of the reasons why we had stability is because we had mutual vulnerability, right? And so there is some hope that with the Chinese, if you get to this point where we are both screwed, then maybe you find some things, common things to work on.
And third-party attacks, non-state actors, is one that I have suggested in several times that we said, well, neither the Chinese nor us have any interest in al-Qaeda or any other group developing these capabilities, and so is this an area for us to work together?

As the Chinese content, you may or may not know the answer to this, but that's kind of it, as the content filtering system become more sophisticated over the years, I get the sense that China's censorship was like a blunt instrument. Like it, boom, just shut it right off, but it would seem that with the state of technological advancements, they could get more selective and it would be in their best interest to do so because they could foster innovation and their economy. Do you have any visibility on that?

Yeah, so it has, there have been several studies done out of Canada and some other places that look at, technologically, it has become much more sophisticated. They don't have to do as much blunt blocking, they can block certain stories. And there was a very interesting study actually done down the river at Harvard here, which shows that in fact, a lot of what is censored on Weibo, which is the Chinese Twitter equivalent, is not necessarily criticism of the government, right? So in fact, you can criticize the government in some instances. What is censored is attempts to organize. So if you criticize the government and just kind of say, this is bad, this is bad, then you're usually left alone. If you say, this is bad and we should all meet up next week, then that gets taken down. So there's a very kind of sophisticated attempt to make sure that discontent isn't converted into any political action, but you're still allowed to air discontent. And the Chinese have been fairly open in saying, we don't have a great mechanism for finding out what our people are really worried about. And so the internet actually does that for us. Lets us know what they're pissed off about and allows us to respond.
Did you, I presume you're here this morning with Fadi Chehadé and talking about Brazil as sort of the great equalizer, I'll call it. Well, what about a counter proposal? What if we just create an oligopoly of cyber governance and just get the big guys, all the big guns to play? I mean, you know, U.S., China, Russia. Yeah. Throw in the EU. What do you think about that?

That's actually, the Indians were very worried about that for a while, that the U.S. and China were gonna kind of divide the world amongst them. For a while, there was this idea about a G2, a group of two that was gonna be popular. I just don't see it happening with China. We just, while, you know, people will point out that we share all these kind of common interests, which is true, right? We all have, for the most part, China is still a status quo power. It's interested in the international economy working the way that it has been. Doesn't really want Iran to be nuclear. It doesn't really want North Korea to be nuclear. But when it comes right down to brass tacks, we don't agree about how we should do that, and the priorities are different. So I don't see that happening.

And of course, you heard the analogies earlier today about sort of nuclear proliferation. And I've pointed out several times today that scares me, because it's a lot more complex than it was back in the 1970s. What are your thoughts about those parallels and the complexity that we have facing us going forward?

Well, on one hand, it's a slightly optimistic example, because the Chinese were actually pretty bad about proliferation, right? In the 70s, and certainly under Mao, they used to say, well, proliferation, non-proliferation regimes were put in place by the Western countries to keep poor countries down. And of course, we're gonna spread nuclear technology to the third world, and that's gonna help all of us.
And so in the 80s, we saw the Chinese were selling missile technology and nuclear technology to Pakistan and Saudi Arabia and to all these places. What happened in the late 80s and early 90s was when they finally realized, well, actually, this isn't so great for us, right? And nuclear-armed Pakistan that's destabilized is a threat to us as well. And so over time, you saw a kind of change in mindset with the Chinese. They're still not perfect, right? We still see some slippage on the Iran and North Korea, but they're much, much better than we were before. So it's possible, and with cyber weapons, that they'll have a kind of similar mind change. They'll say, you know what, this kind of proliferation of these malware and vulnerabilities is bad for us too. But it took them a long, long time to get there. And also, we were in a much different position with China in the 70s and 80s. We still had something the Chinese wanted, right? We still had WTO access. We still had access to the market. So hard to think of things that we have now that they want.

Do you see China exporting security technology, defensive technologies, or even offensive technologies?

I haven't seen it offensive, but I think what we've seen is a kind of exporting of a specific technology internet cybersecurity kind of mindset, right? So what, you know, I don't know if Fadi Chehadé spoke about it, but, you know, this issue about capability building, right, in Africa and other places where all these third world countries that are coming online now. You know, the US, we don't have money for that, right? We're doing some of it, but it's pretty small. The Chinese have a lot of money for that, right? And Huawei is big in laying, you know, setting up routers and setting up systems in much of the third world.
Well, if you have a Huawei guy who's going to be promoting Huawei security measures, it's likely that you're also kind of absorbing Chinese attitudes toward internet governance and other cybersecurity things there. So I think that is a larger issue for the US, is that, you know, right now we don't have the resources to compete with that.

That's interesting. You're saying that China's making a big bet on Africa, which many people think is, you know, has the potential of the next China or India. I know IBM, for example, is making big bets on Africa, and they tend to do so, you know, decades in advance, so interesting to watch. All right, Adam, listen, thanks very much for coming to theCUBE.

My pleasure.

Great perspectives, really appreciate it. Okay, everybody, keep it right there. We're right back from MIT in Cambridge, Mass. This is theCUBE. We're live, and we're right back.